• Game Overview: Super Tilt Bro. is an online game where you can make an account for the official ranking. But technical troubles start when entering login/password.
• Password Protection: The minimum expected for password protection now is that it never transits unencrypted on the network and is not stored on the server. A typical website uses HTTPS and stores a salted hash. Super Tilt Bro. also uses salted hash to protect passwords. It computes the hash of the password with the login, sends the salted hash to the server once to get a login token, and the password itself never leaves the NES.
• SHA-256 Hash Algorithm: SHA-256 can take data of any length and transform it in a way that it is not possible to come back. Super Tilt Bro. uses SHA-256 which is unbroken and performs efficiently enough on the 6502 CPU. It operates on big endian 32-bit words and requires 8 variables and 64 constants. The message to be hashed is padded and processed in chunks. Super Tilt Bro. rearranges the tables to access bytes more naturally in absolute-indexed addressing mode. The SHA-256 implementation has been tested with C implementation and has some unit tests and fuzzing test.
• Conclusion: Super Tilt Bro. uses modern cryptography to protect passwords but it may have errors. It was fun to implement SHA-256 on the NES. There are some links for further reading.
• Get the Game: You can get Super Tilt Bro. for NES.