I understand! I understand! It all came clear to me in a flash, a splash, a gentle pitter patter of "OH DAMN, YEAH!"
See, I wanted to write a chat server/client, and... I didn't want to transmit plain text passwords. Right?
Okay. Client connects to server, server challenges client with a unique phrase... client one-way-encrypts password with said phrase... server one-way-encrypts the local password with said phrase. And bam. :)
The one problem then is the server doesn't really have the password either. Though that's not entirely a problem, I guess. Everything's salted already... so the client just has to know how to salt, and then sends the salt encrypted by an OTP.
What encryption to use... salt again? Might as well, since it's already there... except salt only operates on two letters. So that wouldn't make a huge set of OTPs. Maybe salt a salt a salt a salt a salt. I guess I need to do more reading to see if salting twice is any more secure than salting once. Or find some other way to do it.
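The challenge/response exchange described above, as an added example that is not the author's code: the server stores only a salted hash, hands the client the salt plus a one-time random phrase, and both sides key an HMAC over that phrase with the salted hash. It assumes PBKDF2-HMAC-SHA256 in place of the two-character salt hashing the post mentions and HMAC-SHA256 for the response; `Server`, `salted_hash` and `client_response` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Assumption: PBKDF2-HMAC-SHA256 stands in for the post's two-character "salt"
# (crypt-style) hashing; every name below is hypothetical.
ITERATIONS = 100_000


def salted_hash(password: str, salt: bytes) -> bytes:
    """What the server keeps on disk instead of the plain password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Server:
    def __init__(self):
        self.users = {}      # username -> (salt, salted_hash)
        self.pending = {}    # username -> outstanding challenge

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, salted_hash(password, salt))

    def challenge(self, user: str):
        """Send the user's salt plus a fresh, never-reused random phrase."""
        nonce = secrets.token_bytes(32)
        self.pending[user] = nonce
        return self.users[user][0], nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)   # single use: replays fail
        if nonce is None:
            return False
        expected = hmac.new(self.users[user][1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client re-derives the salted hash, then keys an HMAC over the challenge."""
    key = salted_hash(password, salt)
    return hmac.new(key, nonce, hashlib.sha256).digest()

# Caveat: the stored salted hash is the HMAC key, so anyone who steals the
# server's user table can answer challenges without knowing the password.
```

The password never crosses the wire and a captured response is useless against the next challenge, but the user table has to be protected as carefully as a list of plain passwords would be.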