Clickteam Fusion 2.5

Suggestions for encryption method.
I've been looking into the AES Encryption extension.

I want to send a password from the client to the server, then verify that the password is correct. But I don't know how to do it safely.

If I want to send the password encrypted, then the extension requires an encryption key to be added first.

If I randomise this key then the server gets a different hash every time and I don't know how to get the same randomised key on the server to verify the password. But I also do not want to decrypt the password, as it shouldn't be needed. Just verify the hash instead.

If I use a set key on the client, then I feel like it's not safe, because I feel like someone could just grab the key from the client.

If I send the key in a message from the server to the client on connect, I feel like anyone could just sniff that out as well.

What's the best way to do this?
Last edited by Zethell; 31 Jul @ 6:35pm