This is why you shouldn't "innovate" with encryption unless you are a trained cryptographer (or equivalent). Cryptographers may be programmers, but programmers are not cryptographers.
But it seems it wasn't obvious to bullen that this way the password is essentially sent in plain text. So yes, let your authentication be analyzed by an expert or use standard software.
