Comment Re:Do not use standard passwords (Score 1) 198
If you keep the salt secret, the client is required to send a plaintext password to the server to have it hashed. If the salt is public (sent to the client), the client can do the hashing locally and avoid ever sending the plaintext password to the server (which might be compromised). So my guess for a fairly secure login/authentication scheme (IANACE):
client: Hi I'm foo@bar, give me a nonce and my salt.
server: Here is your nonce with a salt.
client: sends hash(hash(secret+salt)+nonce)
server: compares hash(hash(secret+salt)+nonce)==hash(DB[user][passwd]+nonce)
It keeps the password secret even from the server; the nonce prevents replay attacks. Login could even be done over an unencrypted connection. Could be wrapped with another nonce to prevent sending foo@bar as plaintext.
The weakest point is sending the newly created salted hash to the server at account creation, as the salted hash is essentially the password. Add a little PKI to increase safety.
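The exchange described in the comment, as an added example that is not part of the original post: both sides of the nonce/salt challenge, with the server consuming each nonce once so a replayed response is rejected. SHA-256 as the hash, a 16-byte random nonce, and the user/secret values are all constructed assumptions.

```python
import hashlib
import secrets


def h(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the comment's unspecified hash().
    return hashlib.sha256(data).digest()


class Server:
    def __init__(self):
        self.db = {}       # user -> (salt, hash(secret+salt)) from enrolment
        self.pending = {}  # user -> nonce issued but not yet consumed

    def register(self, user: bytes, salt: bytes, salted_hash: bytes):
        # Enrolment: the client sends hash(secret+salt); the server never sees secret.
        self.db[user] = (salt, salted_hash)

    def challenge(self, user: bytes):
        # "Hi I'm foo@bar, give me a nonce and my salt."
        salt, _ = self.db[user]
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce, salt

    def verify(self, user: bytes, response: bytes) -> bool:
        # Pop the nonce so the same response cannot be replayed later.
        nonce = self.pending.pop(user, None)
        if nonce is None:
            return False
        _, stored = self.db[user]
        return secrets.compare_digest(response, h(stored + nonce))


def client_respond(secret: bytes, salt: bytes, nonce: bytes) -> bytes:
    # hash(hash(secret+salt)+nonce), computed locally from the plaintext secret.
    return h(h(secret + salt) + nonce)


def run_scenario() -> dict:
    # Constructed sample account; the salt is chosen at enrolment and stays public.
    user, secret, salt = b"foo@bar", b"correct horse", secrets.token_bytes(16)
    srv = Server()
    srv.register(user, salt, h(secret + salt))
    nonce, sent_salt = srv.challenge(user)
    good = srv.verify(user, client_respond(secret, sent_salt, nonce))
    replay = srv.verify(user, client_respond(secret, sent_salt, nonce))
    nonce2, _ = srv.challenge(user)
    wrong = srv.verify(user, client_respond(b"guess", salt, nonce2))
    return {"login_ok": good, "replay_rejected": not replay, "wrong_pw_rejected": not wrong}
```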