In case that wasn't clear, security is god damn hard!

Let's say you encrypt your password on the client, it's secure now, right, because now can read it, right? No!
If you use classical cryptograhy like AES for example, you have to have the key in the client so simply opening the binary will give any attack what they need to decrypt any password! But you are smart, right, so you use public key encryption! Now the only thing an attacker can do is encrypt the passwords, devious!

Well, an attacker will just use a replay attack. Since you have your super secure encryption, you don't need TLS and can send it in clear text... Too bad that that makes you vulnerable to replay attacks. Even worse, you also open yourself to man in the middle attacks because you can't authenticate the server to the client.

But you made this super secure protocol that is super secure, so that doesn't work. Well, congratulations, you just opened yourself up to a timing attack. Of course, a strcmp() on the hash is not an O(1) operation, it's worst case O(n) but if the strings are not the same, it will bail out early. The timing difference allows the attacker to guess the password character by character until they succeed. Don't believe that works? Sure they do

Given how your implemented the rest of your crypto, chances are that you tell the user to try again from the client and your webserver just accepts as many login attempts as possible.

I don't know how to put it mildly, so I'll put it in easy terms: Cryptography is not a fucking joke and no, just because you know how a pointer looks like doesn't mean you can do it. Even people who know their stuff still routinely fail. If your algorithm is solid, you may and probably still are vulnerable to side channel attacks.