You could use a oneway hash at the client side as well.
If you don't want to divulge what's the hash in your database, you can add another oneway hash for whatever reaches the server.
The challenge-response can also be based on hashes.
You could use a oneway hash at the client side as well.
If you don't want to divulge what's the hash in your database, you can add another oneway hash for whatever reaches the server.
The challenge-response can also be based on hashes.