I think you said the same as me: Client: Password = "password" h = Hash(Password) h is "GddTHww90lze7vnmxG" (whatever) Sends h over the network to the server. h is a string, so this approach is simply vulnerable. SRP seems to be very good, but because I don't know it well, I think I'll delay it for a while. Thank you