As of r16771, the login-server can perform a server-side check of the client MD5 hash, ensuring that the client was not tampered. The client only send the correct MD5 hash on certain server types/server types so a diff is needed to ensures that it will send the hash, for this you can use this WeeDiffGen plugin. Check conf/login_athena.conf for instruction on how to enable it.