[Noisebridge-discuss] Access control & Safety, both personal and general space.
shannon at scatter.com
Wed Feb 8 15:40:55 PST 2012
If you have an index if bcrypt'd phone numbers, you can simply bcrypt the
incoming number and search the index for that hash, yes?
On Wed, Feb 8, 2012 at 3:38 PM, Casey Callendrello <c1 at caseyc.net> wrote:
> On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:
> > Perhaps bcrypt the phone number and store that instead? That way, you
> > can verify that something's in there, but it can't be easily figured
> > out what it is.
> I'd thought about that. However, when a user dials in, we don't know
> their username, so we have to just test their
> "password" (the phone number) against every known entry. If the number
> of bcrypt rounds is too high, then it takes forever. Is there a hashing
> function I should choose that is efficient but will make just
> enumerating all passwords too slow? There are about 2360000000 possible
> north-american phone numbers based on currently-allocated area codes.
> I suppose bcrypt will be fine provided that all possible numbers can be
> quickly scanned.
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
"Any sufficiently analyzed magic is indistinguishable from science."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Noisebridge-discuss