The answer is no, this doesn't quite work.
The reason it doesn't work is this message encrypting r with a key,
that's exactly what the server sent.
So this certainly doesn't prove knowledge of k
because this could just be reflected back to the server.
So we need to do something a little different.
Instead of encrypting just r, we need to encrypt something else
that proves knowledge of k and r but couldn't be generated just by replaying this.
And so one way to do that would be to add another nonce.
We're going to concatenate a new nonce here
and encrypt the concatenation of those 2.
The server can decrypt this, extract r, check that it matches,
and extract that value,
and the server could send that value back encrypted with k.
At this stage both the server and the client have proved knowledge of the password,
they've established a shared secret that they can use for further communication,
and they've done this in a way so that even if there's an active attacker
intercepting and modifying all these messages,
if the attacker doesn't know the password, p,
they can't trick the client and server into believing that they're talking with each other
or establishing a key that's different from the one that they would establish.
