I think you said the same as me: Client: Password = "password" h = Hash(Password) h is "GddTHww90lze7vnmxG" (whatever)
Sends h over the network to the server. h is a string, so this approach is simply vulnerable. SRP seems to be very good, but because I don't know it well, I think I'll delay it for a while. Thank you -- http://mail.python.org/mailman/listinfo/python-list