How should I design a login protocol to be more secure? The way I have it right now is:
- the client connects and sends his username
- the server sends the salt (always the same) for the user
- the client adds the salt to the password, hashes it, and sends it to the server
This way the password is hidden all the time, but it does not stop a hacker from just copying the hash if he can come across it and sending it after he received the password...
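
The exchange described above, as an added example that is not part of the original post: it models both sides of the posted protocol, shows that the same bytes are accepted on every login, and sets it beside a variant in which the server also sends a single-use nonce. SHA-256, HMAC, the `alice` account and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

# Constructed sample account. SHA-256 is an assumption: the post names no hash.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
PASSWORD = "correct horse"

def client_hash(password, salt):
    """The post's last step: the client hashes salt + password."""
    return hashlib.sha256(salt + password.encode()).digest()

def client_response(password, salt, nonce):
    """Variant (assumption): key an HMAC over a server nonce with that hash."""
    return hmac.new(client_hash(password, salt), nonce, hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.users = {"alice": (SALT, client_hash(PASSWORD, SALT))}
        self.pending = {}  # user -> outstanding single-use nonce

    def get_salt(self, user):                 # protocol as posted
        return self.users[user][0]

    def login_static(self, user, proof):
        return hmac.compare_digest(proof, self.users[user][1])

    def get_challenge(self, user):            # variant: salt plus fresh nonce
        self.pending[user] = os.urandom(16)
        return self.users[user][0], self.pending[user]

    def login_challenge(self, user, proof):
        nonce = self.pending.pop(user, None)  # consumed on first use
        if nonce is None:
            return False
        expected = hmac.new(self.users[user][1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

def demo():
    s = Server()
    sent = client_hash(PASSWORD, s.get_salt("alice"))   # bytes on the wire
    first, again = s.login_static("alice", sent), s.login_static("alice", sent)
    salt, nonce = s.get_challenge("alice")
    sent2 = client_response(PASSWORD, salt, nonce)
    ok = s.login_challenge("alice", sent2)
    s.get_challenge("alice")                  # next login gets a new nonce
    stale = s.login_challenge("alice", sent2) # earlier message, resent
    return first, again, ok, stale

if __name__ == "__main__":
    print(demo())
```

In the variant the stored hash is still password-equivalent on the server side; the nonce only makes an observed login message useless for a later login.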