
Hide password from server

Çağlar Arlı

I’m a beginner in cryptography and for my first project I use the client’s password to encrypt some data. More specifically, I use the password as the passphrase in RSA private key generation. However, I do not want to trust the server when sending the login and password for registration/login. If the server saves the password secretly, it can decrypt the data too (since the encrypted data is also stored on the server, together with the encrypted private key).

I thought about a fix: never send the real password to the server, but always the hash of the password (the real password is only saved in the client code as a global variable when a login is successful).

Is this a good solution? What would be the problems here? Are there any (easy) alternatives?

Thanks in advance.
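
The scheme described in the question, sketched as an added example that is not part of the original post: the client stretches the password once and splits the result into a login token (sent to the server) and a separate encryption secret (kept on the client), so the value the server sees cannot unlock the private key. The function names, the labels `b"auth"` and `b"encryption"`, the iteration count, and the use of the derived secret in place of the raw password as the key passphrase are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to the client hardware.
DEFAULT_ITERATIONS = 600_000


def derive_client_keys(password: str, salt: bytes,
                       iterations: int = DEFAULT_ITERATIONS) -> tuple[bytes, bytes]:
    """Client side (hypothetical helper): one slow stretch, then two independent keys."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Different labels give unrelated outputs: knowing auth_token does not
    # reveal enc_secret, and neither reveals master or the password.
    auth_token = hmac.new(master, b"auth", hashlib.sha256).digest()
    enc_secret = hmac.new(master, b"encryption", hashlib.sha256).digest()
    return auth_token, enc_secret


def server_register(auth_token: bytes) -> bytes:
    """Server side (hypothetical helper): store only a hash of the login token.

    The token is password-equivalent for login, so it is hashed again before
    storage; a leaked database row then cannot be replayed as a login.
    """
    return hashlib.sha256(auth_token).digest()


def server_verify(stored: bytes, presented_token: bytes) -> bool:
    """Server side: constant-time comparison against the stored hash."""
    return hmac.compare_digest(stored, hashlib.sha256(presented_token).digest())


if __name__ == "__main__":
    salt = os.urandom(16)             # per-user salt, stored with the account
    password = "constructed-example"  # constructed sample input
    token, secret = derive_client_keys(password, salt)
    record = server_register(token)   # the only password-derived value the server keeps
    print("login ok:", server_verify(record, token))
    # enc_secret stays on the client and would serve as the private-key passphrase.
    print("token differs from passphrase secret:", token != secret)
```

A plain unsalted hash of the password used for both login and encryption would not give this separation; a server that logs the login token here still has to brute-force the password through the slow derivation to reach the encryption secret.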