Comment: Re: Use md5 (or something) over the wire (Score 4, Informative)
Hash = 1-way crypto
The only way to "un-md5" anything is to crack it. Also, I'm not sure you actually put any real thought into this.
Since it's best practice to store only password hashes (and not the passwords themselves) in your database (or whatever), your process is apparently:
- Client md5's the password, sends it to server
- Server "un-md5"s the password (let's say for argument's sake that this makes perfect sense)
- Server md5's the un-md5'd password
- Server checks hash against user's hash in the database