This page demonstrates client-side HMAC-SHA-256 hashing of a user submitted password before it is sent to the server. This makes it possible to use form-based login without requiring the server to know the password.
SHA-256 implementation:
A JavaScript implementation of the Secure Hash Algorithm, SHA-256 Version 0.3 Copyright Angel Marin 2003-2004 - http://anmar.eu.org/ Distributed under the BSD License Some bits taken from Paul Johnston's SHA-1 implementation
The HMAC-SHA-256 implementation has been added by me, with a little help from PasswordMaker.