Where do I salt and hash my Passwords? At the client or at the host?

Question

I think it would be smarter to salt and hash passwords directly on the client\'s machine. The reason is, that I actually never want to get the password of the user. It is a

Answer 1

Sending either the passphrase or its hash lets an attacker record the hash and use it in a replay attack.

You generally want to use a challenge/response protocol, which means you send out a random number. The client encrypts (or does a keyed hash on) that random number using the hash of their passphrase as the key, and sends back the result. You do the same, and see of the two match.

This lets you verify matching keys without every sending the key itself across the insecure channel.

As for how you get the data initially to be able to do that comparison, yes, you usually want the client to hash the passphrase, then encrypt it with the server's public key, and send the result of that encryption.