In: Computer Science
Recall that even if the server only stores f(p), client has to send p in clear to authenticate to the server. If the adversary is watching, it learns p. Normally you have to use HTTPS to solve this problem. Alice has another idea. Instead of client sending p, client will instead only send f(p) to the server to authenticate. Then the adversary never learns p even if it can watch the whole communication. Is this a good idea?
The authentication system have to be very secured these days as the chances for getting attacked is very high. We should use high end mechanism to encrypt the authenticating proess. It is must to use a HTTPS protocol for authentication to protect maximum. The idea of Alice may work but still not safe.
If f(p) is send to the server, server have to generate p from f(p). This will make the system complex. There should be a decrypting mechanism in the server side to generate p from f(p). This mechanism can be fetched and used by an attacker so that the attacker can now generate p from f(p) and authenticate to the system.
Today, attackers are even capable of finding the private key from the public key. That level of decrypting system are using by them. So sending f(p) directly without the HTTPS protocol is much risking. HTTPS itself provide adequate protection for the transmission. Using HTTPS and sending f(p) instead of sending p would be recommended for maximum security.