-----Original Message-----
*snip*
> Hmm, AFAIK such password protection is a designed feature of DIGEST-MD5.
> To take advantage of the feature, when registering a new account a user
> must provide their DIGEST-MD5 inner password hash instead of their password.

Which brings you round to square one. Server sends salt, client sends MD5(salt+password). I.e. server also needs password to do the exact same operation to check for equality, which isn't the best. What we really need is a static and dynamic salt, one that never changes and one that changes for each login, thus: MD5(salt1+MD5(salt2+password)). This means that each user in the database can have a different salt (protecting users in the case of a compromised database), and the digest can be different each time for the same password (protecting users from a replay attack).
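
The two-salt exchange proposed in the message above, sketched end to end as an added example that is not part of the original message. It assumes salt2 is the per-user static salt and salt1 the per-login one; `Server`, `client_response` and the sample account are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

def md5_hex(*parts: bytes) -> str:
    """MD5 over the concatenated parts, as in MD5(salt + value)."""
    return hashlib.md5(b"".join(parts)).hexdigest()

def client_inner(static_salt: bytes, password: str) -> str:
    """Inner hash MD5(salt2 + password); sent once, at registration."""
    return md5_hex(static_salt, password.encode())

def client_response(dynamic_salt: bytes, static_salt: bytes, password: str) -> str:
    """Login digest MD5(salt1 + MD5(salt2 + password))."""
    return md5_hex(dynamic_salt, client_inner(static_salt, password).encode())

class Server:
    """Stores a static salt and inner hash per user, never the password."""
    def __init__(self):
        self.users = {}    # name -> (static_salt, inner_hash)
        self.pending = {}  # name -> dynamic salt for the login in progress

    def register(self, name, static_salt, inner_hash):
        self.users[name] = (static_salt, inner_hash)

    def challenge(self, name):
        """Issue a fresh per-login salt alongside the user's static salt."""
        dynamic_salt = os.urandom(16)
        self.pending[name] = dynamic_salt
        return dynamic_salt, self.users[name][0]

    def verify(self, name, response):
        dynamic_salt = self.pending.pop(name, None)  # each challenge is single use
        if dynamic_salt is None:
            return False
        expected = md5_hex(dynamic_salt, self.users[name][1].encode())
        return hmac.compare_digest(expected, response)

def demo():
    """Returns (first login accepted, replayed digest accepted)."""
    server, salt2 = Server(), os.urandom(16)
    server.register("alice", salt2, client_inner(salt2, "correct horse"))  # constructed account
    salt1, static_salt = server.challenge("alice")
    digest = client_response(salt1, static_salt, "correct horse")
    first = server.verify("alice", digest)
    server.challenge("alice")                 # next login gets a new salt1
    replayed = server.verify("alice", digest) # captured digest no longer matches
    return first, replayed

if __name__ == "__main__":
    print(demo())
```

The server verifies using only the stored inner hash, so that value is sufficient to compute valid responses and needs the same protection at rest as a password would.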