[Noisebridge-discuss] Access control & Safety, both personal and general space.

Jonathan Lassoff jof at thejof.com
Wed Feb 8 16:14:44 PST 2012


On Wed, Feb 8, 2012 at 3:49 PM, Daniel Pitts <coloraura.com at gmail.com> wrote:
> There isn't much point in encrypting a phone number, the number of bits
> of entropy is so low that a brute-force attack would be *extremely* easy
> to execute.

True! And this is why I suggest using bcrypt. Brute-force generation
of bcrypt hashes for *every* phone number is variably-hard (by tuning
the "cost" of bcrypt).

--j


More information about the Noisebridge-discuss mailing list