Encrypting the password text with PBKDF2 (a few hundred rounds) before transmission to the server would increase trust and lay the foundations for private key generation from the user's password.
This won't replace the existing bcrypt hashing; that will still be done server-side, prior to DB storage or comparison.
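A sketch of the proposed client-side step, added here as an example and not taken from the project's code: it derives the value sent to the server and a separate seed for later key generation from the same password, so the transmitted value does not reveal the seed. The function names, the salt layout (purpose label, site, username), the 300-round count and the use of Node's `crypto` module in place of the browser's `crypto.subtle.deriveBits` are assumptions.

```javascript
// Added example; all names and parameters below are assumptions, not project code.
const nodeCrypto = require('crypto');

const ROUNDS = 300;  // "a few hundred rounds", as proposed above
const KEY_LEN = 32;  // 32 bytes -> 64 hex chars, below bcrypt's 72-byte input limit

// The salt is computable on the client before login: a purpose label, the site
// name and the normalized username. The label separates the two derived values.
function saltFor(purpose, site, username) {
  return Buffer.from(`${purpose}|${site}|${username.trim().toLowerCase()}`, 'utf8');
}

function derive(purpose, site, username, password) {
  const pw = Buffer.from(password.normalize('NFKC'), 'utf8');
  return nodeCrypto.pbkdf2Sync(pw, saltFor(purpose, site, username), ROUNDS, KEY_LEN, 'sha256');
}

// Value transmitted instead of the password text. Hex encoding keeps it free of
// NUL bytes, which some bcrypt implementations treat as end of input.
function authToken(site, username, password) {
  return derive('auth', site, username, password).toString('hex');
}

// Seed for later private key generation; stays on the client, never transmitted.
function keySeed(site, username, password) {
  return derive('keygen', site, username, password);
}

// Server-side shape check, run before the existing bcrypt hash or comparison.
// The server then treats the token exactly as it treated the password before.
function isValidAuthToken(token) {
  return typeof token === 'string' && /^[0-9a-f]{64}$/.test(token);
}

// Constructed sample values.
const token = authToken('example.test', 'alice', 'correct horse battery');
const seed = keySeed('example.test', 'alice', 'correct horse battery');
console.log('sent to server:', token, 'valid:', isValidAuthToken(token));
console.log('seed differs from token:', seed.toString('hex') !== token);
```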