Client side password hash versus plain text

Most websites will send a plain-text password over an SSL / HTTPS encrypted connection. Client-side password hashing can be done, but the advantage is small and often client-side languages ​​(JavaScrypt) are slow so you can count fewer rounds in the same time, which weakens the hash. In each case, the server must also compute the hash to be safe.

The advantage is small, because if an attacker can attack ManInTheMiddle, he can also modify / remove the script (JS) that does the hashing. Only an encrypted connection with SSL / HTTPS can protect against a MITM attack, so you need SSL anyway.

In your case with the application, it looks a little different. Since the user has to install your software first, there is no need to send the script to the client, so MITM cannot change this script. In addition, the application can compute the hash relatively quickly (if it can run native code) and therefore can do enough rounds on the client side.

This is what I would do:

• For convenience, send the password in plain text over an SSL / HTTPS encrypted connection and compute the slow side of the BCrypt hash key server as you do now.
• Only if the load on the server becomes too heavy, you can move the BCrypt slow hash computation to the client application. Still use HTTPS to send the hash, and then compute an extra fast hash (like SHA-256) on the server. This is more difficult because you have to exchange and store the salt separately.