int [int]

What I want to do is to make it impossibly to sniffer the user password at the login process in an HTTP connection. And to make it impossibly to find the password using one HASH database.
Algorithm

1)
Drupal send to one variable to the client javascript. (keyAlgo)
keyAlgo = Rand.next() + Guid; (One random integer + one Globally Unique Identifier)
Save keyAlgo in
session('keyAlgo') = keyAlgo;
2)
The User put the password + username and press the submit button.
Execute the onClick atribut the function secureLogin().
The function secureLogin() have:
var password = SHA256(HASHBD(password) + keyAlgo); // HASHBD() the hash algorithm used by drupal to store the password in DB.
Send the new values to the login form.

3)
The function that comprove the user login:
Caculate the
var passwordCalc = SHA256(passwordDB + session('keyAlgo'));

Comprove
if passwordForm = passwordCalc.

So the password sended over the network is hash, but is a one-time hash (Change every time (GUID) and is impossible to preview (Random integer)).
The hash password is also almost impossibly to find the password using one HASH database. Because the hash password is too big (userpassword + GUID + Integer) and because is unic hash everytime.

Resum: Everytime that one user connectes (The same password), the the password hash sended over the network is useless for the next login.

I will upload soon the module.

@Heine we are hashing all passwords in the database. And with the D7 we are increase the hash algorithm.
So yes.. Must be important.

So yes, still this don't make you site sniffer safe, but it much better with this..

If I know your password, I can login at any time at you website, and also at others websites that you uses(also if you only login at this other websites with https). (studies says that normal people don't have more 1-2 passwords).

>>Then what is this technique _actually_ guarding against?

This technique guarding that sniffer don't get your password, because your password is hashed, and only the hashed is sended over the network. Also is impossibly to use one HASH database to optain your password, because the hash is one-time only and not predictable.

>>And what guarantees you are entering your pwd on the intended site?
Because the user_login send your passwordHash (what is in fact you password+key hashed) and in the server it comprove if the hash if correct with the hash password that we have allready in the DB.

With SH256 is almost impossibly to have colisiones.

Algoritm attached

That's fair enough. I will contribute the safer_login module.