by josai 4032 days ago
> ...Which is why I said "over a secure connection".

... and how do you set up a secure connection without a pre-existing password?

Your solution has a chicken-and-egg problem.

2 comments

SRP (e.g. TLS-SRP) doesn't require the server to have the plaintext password.

[0] http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

The guy I was replying to was arguing against SRP and proposing his own ad-hoc solution.

HTTPS, the same way everything else solves this problem.

HTTPS doesn't solve the problem of not having to send the plaintext password to the server.

SRP does.

[0] http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
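
The SRP property the comments above refer to, as an added example that is not part of the original thread: a simplified SRP-6a run in which the server stores only a salt and verifier, yet both sides derive the same key when the password is right. The names `H`, `register` and `login`, the demo modulus, and the simplified derivation of `x` are assumptions made for this sketch.

```python
import hashlib
import secrets

# Constructed demo group: N = 2**255 - 19 is prime but is NOT a vetted SRP
# group. Real deployments use the safe-prime groups defined in RFC 5054.
N, g = 2**255 - 19, 2

def H(*parts):
    """SHA-256 over length-prefixed ints/str/bytes, returned as an integer."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes(32, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(len(p).to_bytes(2, "big") + p)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def register(user, password):
    """Client side, once: only (salt, verifier) ever reaches the server."""
    salt = secrets.token_bytes(16)
    x = H(salt, user, password)          # simplified private-key derivation
    return salt, pow(g, x, N)            # verifier v = g^x mod N

def login(user, password, salt, verifier):
    """Run both sides of one exchange; return (client_key, server_key)."""
    a = secrets.randbelow(N - 2) + 1     # client ephemeral secret
    A = pow(g, a, N)                     # client -> server
    b = secrets.randbelow(N - 2) + 1     # server ephemeral secret
    B = (k * verifier + pow(g, b, N)) % N  # server -> client, with the salt
    if A % N == 0 or B % N == 0:
        raise ValueError("illegal public value")
    u = H(A, B)
    # Server: computes from the stored verifier, never sees the password.
    S_server = pow(A * pow(verifier, u, N), b, N)
    # Client: computes from the password the user typed.
    x = H(salt, user, password)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    return H(S_client), H(S_server)
```

In a full protocol the two sides then exchange proofs of the derived key rather than comparing keys directly, so a mismatch is detected without revealing either value.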