[Noisebridge-discuss] Access control & Safety, both personal and general space.

Shannon Lee shannon at scatter.com
Wed Feb 8 15:40:55 PST 2012


If you have an index if bcrypt'd phone numbers, you can simply bcrypt the
incoming number and search the index for that hash, yes?

--S

On Wed, Feb 8, 2012 at 3:38 PM, Casey Callendrello <c1 at caseyc.net> wrote:

> On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:
> > Perhaps bcrypt the phone number and store that instead? That way, you
> > can verify that something's in there, but it can't be easily figured
> > out what it is.
>
> I'd thought about that. However, when a user dials in, we don't know
> their username, so we have to just test their
> "password" (the phone number) against every known entry. If the number
> of bcrypt rounds is too high, then it takes forever. Is there a hashing
> function I should choose that is efficient but will make just
> enumerating all passwords too slow? There are about 2360000000 possible
> north-american phone numbers based on currently-allocated area codes.
>
> I suppose bcrypt will be fine provided that all possible numbers can be
> quickly scanned.
>
> -c.
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>



-- 
Shannon Lee
(503) 539-3700

"Any sufficiently analyzed magic is indistinguishable from science."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120208/02e7f5aa/attachment.htm 


More information about the Noisebridge-discuss mailing list