First and foremost understand the problem. You need to be able to 1) Generate secure keys 2) Generate those keys securely to people who purchase your game 3) Store those secure keys in a secure database 4) Validate keys securley. This requires infrastructure to be done right and if the infrastructure fails you can see your DRM system fail or people will not be able to access their purchase.
The first step is to generate keys. I recommend avoiding MD5/SHA at all costs as they are very popular and have extensive rainbow tables available and can be easily bruteforced. I would recommend researching Blowfish or something beefier/more obscure. Security through obscurity can be a good thing here. The next step is to distribute and store these keys. An obvious solution is to throw up a DB and start throwing stuff into it. I would recommend however using another type of crypto to store the already generated keys. This way the raw keys have to first be broken at the DB layer and then again in order to be exploited. A rule should be that nobody expect the underlying systems should ever see the actual keys expect the user following their purchase. The validation of keys is the easiest part, but keep in mind this requires either a local DB shipped with every copy of the game containing every key OR an online solution that requires the user to have an internet connection to validate. That is a decision that you must make based on resources and intent.
Be smart with how you implement this if you are serious about it. I don’t support DRM, but I understand many see it as a necessary evil.