[Noisebridge-discuss] Access control & Safety, both personal and general space.

Casey Callendrello c1 at caseyc.net
Wed Feb 8 15:38:22 PST 2012


On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:
> Perhaps bcrypt the phone number and store that instead? That way, you
> can verify that something's in there, but it can't be easily figured
> out what it is.

I'd thought about that. However, when a user dials in, we don't know 
their username, so we have to just test their
"password" (the phone number) against every known entry. If the number 
of bcrypt rounds is too high, then it takes forever. Is there a hashing 
function I should choose that is efficient but will make just 
enumerating all passwords too slow? There are about 2360000000 possible 
north-american phone numbers based on currently-allocated area codes.

I suppose bcrypt will be fine provided that all possible numbers can be 
quickly scanned.

-c.



More information about the Noisebridge-discuss mailing list