How many of you are using crypt() from -lcrypt ? And how many are aware that it only takes the first 8 characters you type ?
I'm aware of the limitations of the DES algorithm. Fortunately, at least if you're using glibc 2.7 or higher, crypt() also supports MD5, SHA-256, SHA-512 and in some cases Blowfish.
I favor SHA-512 and ssh keys (RSA 2048, typically) for new code.
SHA-256 is nice and fast, as secure as you need for a game, and the source is widely available under pretty much any license you like. Using a local implementation means you aren't tied to whatever the OS uses, which means if you move your MUD from one host to another, you don't ever run the risk of your preferred encryption not being there.
And how many are aware that it only takes the first 8 characters you type ?