How can I send a secret to a server, and validate it, without risking bruteforcing of the hash?


I want to send a secret to a server, say the domain the current browser is visiting, but I don't want the server to know what the website address is, only if the server has a matching record for this specific domain.

I was thinking of simply hashing the domain name on the client, and then comparing hashes on the server, but in my late night of thinking, so to say, I can't think of a way to prevent the server from using the same hashing algorithm to "reverse" or "brute force" its way to the answer.

So say the server was compromised: it has a hashed value + an identifier such as an IP. Now it could simply brute force all the dirtiest websites in the world, to see what website would return the same hash.

I was thinking of SRP (Secure Remote Password) -- not sure if that would make any real difference in this case.

Good night.
