This is digest encryption. While it's a great alternative to sending passwords in cleartext, it does have some major disadvantages.
> It prevents the use of a strong password hash (such as bcrypt) when storing passwords (since either the password, or the digested username, realm and password must be recoverable) [1]
Much better to have bcrypt'ed passwords stored on the server and your private SSL keys. If your compromised, revoke the SSL keys, and force users to change their passwords. With strong bcrypt'ed passwords, you can be reasonably sure passwords can't be recovered, but best to enforce resets anyways. With digested passwords, those will be recovered and end up in Troy Hunt's Pwned Passwords database.
