How to only send hashed passwords while not storing passwords in plaintext on the sever?

In a web-based auth system I do the following:

Client: Ask the server for a “nonce”.
Client: Generate a “cnonce”.
Client: hash(nonce + cnonce + password)
Client: Send cnonce and the hash from point 3 to the server.
Server:… Continue reading How to only send hashed passwords while not storing passwords in plaintext on the sever?