<meta content="text/html; charset=ISO-8859-1"
<body bgcolor="#FFFFFF" text="#000000">
<blockquote>Is there a hashing function I should choose that is
efficient but will make just enumerating all passwords too slow?
There are about 2360000000 possible north-american phone numbers
based on currently-allocated area codes.
I suppose bcrypt will be fine provided that all possible numbers
can be quickly scanned.
If someone wants to make a rainbow table of every POTS number and
automatically try them against our access system, they should be
welcomed into the space with open arms... You might also limit the
system to 1 attempt every 15 seconds. Someone will certainly come
along and open the gate for said attacker before that approach pans
<blockquote type="cite"> LDAP would actually be perfect
(structure-wise, only) for<br>
this, but OpenLDAP is a real mess.</blockquote>
Agreed. If you're going this route, just store it as a SQLite
database. Your language of choice supports it. <br>