[Noisebridge-discuss] Access control & Safety, both personal and general space.

Davidfine d at vidfine.com
Wed Feb 8 16:22:22 PST 2012


>     Is there a hashing function I should choose that is efficient but
>     will make just enumerating all passwords too slow? There are about
>     2360000000 possible north-american phone numbers based on
>     currently-allocated area codes. I suppose bcrypt will be fine
>     provided that all possible numbers can be quickly scanned. -c.
>
If someone wants to make a rainbow table of every POTS number and
automatically try them against our access system, they should be
welcomed into the space with open arms... You might also limit the
system to 1 attempt every 15 seconds. Someone will certainly come along
and open the gate for said attacker before that approach pans out.
> LDAP would actually be perfect (structure-wise, only) for
> this, but OpenLDAP is a real mess.
Agreed. If you're going this route, just store it as a SQLite database.
Your language of choice supports it.
--D
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120208/bf66f2d6/attachment.htm 


More information about the Noisebridge-discuss mailing list