Comment by coolThingsFirst
10 months ago
> Like the traditional password authentication approach, the user and the authority (server) still needs to agree on a common secret key.
Not sure what you mean by this, the server checks the hashed version of the password.
Hashing is done before storing the secret on the server side. Therefore they still need to communicate regarding the intial secret.
[dead]