It still leaves the problem of password sniffing over an unsecured network, but I think that could be solved by generating a salt on the server for each login request, and then transmitting that salt to the client, where it's used to re-hash the password-equivalent. That would also help protect against something like a DNS compromise, since effectively every user's password changes every time they log in.
There are still plenty of ways to break this scheme, but I think at this point it's Sufficiently Hard (tm) enough to be suitable for an online forum.
...and I imagine that somewhere, tptacek is screaming, "Just use SSL!"
I mean, there are a few standpoints here: if you're running a site, use SSL, if you're a user, don't reuse passwords or use something like PWDHash, or if you're working on a browser or you're an admin, consider a way, like PWDHash, of making it so that a password compromised at one site doesn't compromise any others.
It still leaves the problem of password sniffing over an unsecured network, but I think that could be solved by generating a salt on the server for each login request, and then transmitting that salt to the client, where it's used to re-hash the password-equivalent. That would also help protect against something like a DNS compromise, since effectively every user's password changes every time they log in.
There are still plenty of ways to break this scheme, but I think at this point it's Sufficiently Hard (tm) enough to be suitable for an online forum.
...and I imagine that somewhere, tptacek is screaming, "Just use SSL!"