Does it make security sense to hash password on client end

清酒与你 2020-12-23 12:21

If you were to hash a user's password prior to sending it across the line and leaving it in plain-text in memory, would this improve the security of the application?

10 Answers
  •  忘掉有多难
    2020-12-23 12:29

    The hash is identical to the password from a security POV in the scenario you describe: if I intercept the hash, I don't need to know the password, I can just send the server the hash I intercepted.

    Authentication protocols go to some length to avoid this problem; security is hard, and you are best off selecting and implementing a well-understood protocol rather than rolling your own.

    If your traffic is going over SSL, you're safe from interception and hashing gives you little extra benefit.
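
The replay problem described in the answer above, as an added example that is not part of the original answer. The class names, the sample password and the nonce-based variant are assumptions made for illustration; the variant only shows the kind of step authentication protocols add and is not a named protocol.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse battery staple"  # constructed sample value

def client_hash(password: str) -> str:
    """The value the client would send in the scheme from the question."""
    return hashlib.sha256(password.encode()).hexdigest()

class StaticHashServer:
    """Accepts the client-side hash itself as the login credential."""
    def __init__(self, password: str):
        self.stored = client_hash(password)

    def login(self, submitted: str) -> bool:
        return hmac.compare_digest(self.stored, submitted)

class ChallengeServer:
    """Issues a single-use nonce and expects HMAC(hash, nonce) back."""
    def __init__(self, password: str):
        self.key = client_hash(password).encode()
        self.pending = set()

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce: str, response: str) -> bool:
        if nonce not in self.pending:
            return False              # unknown or already used nonce
        self.pending.discard(nonce)
        good = hmac.new(self.key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(good, response)

def respond(password: str, nonce: str) -> str:
    key = client_hash(password).encode()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

def demo() -> tuple:
    on_wire = client_hash(PASSWORD)                       # what a listener sees
    static_replay = StaticHashServer(PASSWORD).login(on_wire)
    server = ChallengeServer(PASSWORD)
    nonce = server.challenge()
    answer = respond(PASSWORD, nonce)
    first = server.login(nonce, answer)                   # legitimate login
    same_nonce = server.login(nonce, answer)              # nonce consumed
    new_nonce = server.login(server.challenge(), answer)  # wrong nonce
    return static_replay, first, same_nonce, new_nonce
```

`demo()` returns `(True, True, False, False)`: the static hash logs in without the password, while a recorded response fails against a used or fresh nonce. The hash stored by `ChallengeServer` is still a login-equivalent secret, so this sketch does not replace TLS or a well-understood protocol.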
