[izakage]

If passwords were hashed+salted client-side, an attacker could use the hash+salt in exactly the same way as they would a 'raw' password.

So the answer is no; the strength measurement would be done on the server when the password is being hashed or verified.

[Joeri]

That's true only for the initial password creation. During verification you could send down two salts, the real salt and a session salt. You double-hash the password on the client with both salts, and the server hashes on the server with the session salt. The hash that gets sent over the wire cannot be used for replay attacks.

I don't think it adds much security though. If you don't trust the channel to properly protect the transmitted password, it's not possible to build a trusted relationship with the server. You have to assume ssl works.