Are there are any good one-way functions that you can calculate in your head? I thought the ones used for real cryptographic purposes are much too difficult? (Hence, I wonder if they are truly one-way.) Of course, you don’t need something so complicated for this purpose, and I guess it doesn’t even need to be one-way.

Just for the benefit those who don’t know much about password handling and hash functions: a hash (‘one-way’) function is a mathematical operation that is easy to calculate but extremely difficult (computationally intensive) to undo. The way a password is stored on unix computer systems is that your password is first ‘hashed’ (that is, you put it through the hash function) and the ‘hash’ (the result) is stored in a special file. When you need to log in, you type in your password, the computer hashes it and compares it to the pre-stored hash. The idea is that your actual password is never stored anywhere, so that if someone manages to see the password file they cannot do anything with it. All good password handling should be done in this way. Hence Rohan’s comment that internet services should not even know your password, since they should only store its hash.

Internet passwords in general are a nightmare. Sometimes the first thing a service will do after you sign up is send you an e-mail containing your password, which is ridiculous! They shouldn’t even know your password, let alone send it across the world in such a way that everyone between you and them can read it.