As of r16771, the login-server can perform a server-side check of the client MD5 hash, ensuring that the client was not tampered.
The client only send the correct MD5 hash on certain server types/server types so a diff is needed to ensures that it will send the hash, for this you can use this WeeDiffGen plugin.
Check conf/login_athena.conf for instruction on how to enable it.