<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    No, because bcrypt randomly generates a salt and stores it in the
    password hash. So you can only compare given plaintext against a
    specific, already-existing hash.<br>
    <br>
    --Casey<br>
    <br>
    On 2/8/2012 3:40 PM, Shannon Lee wrote:
    <blockquote
cite="mid:CAGjxht=tLp-GqZCQUsPc+NX+Kcp2tJEpP1QeFHQMpv4FuNgncg@mail.gmail.com"
      type="cite">If you have an index of bcrypt'd phone numbers, you
      can simply bcrypt the incoming number and search the index for
      that hash, yes?
      <div><br>
      </div>
      <div>--S<br>
        <br>
        <div class="gmail_quote">On Wed, Feb 8, 2012 at 3:38 PM, Casey
          Callendrello <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:c1@caseyc.net">c1@caseyc.net</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div class="im">On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:<br>
              > Perhaps bcrypt the phone number and store that
              instead? That way, you<br>
              > can verify that something's in there, but it can't be
              easily figured<br>
              > out what it is.<br>
              <br>
            </div>
            I'd thought about that. However, when a user dials in, we
            don't know<br>
            their username, so we have to just test their<br>
            "password" (the phone number) against every known entry. If
            the number<br>
            of bcrypt rounds is too high, then it takes forever. Is
            there a hashing<br>
            function I should choose that is efficient but will make
            just<br>
            enumerating all passwords too slow? There are about
            2360000000 possible<br>
            North American phone numbers based on currently-allocated
            area codes.<br>
            <br>
            I suppose bcrypt will be fine provided that all possible
            numbers can be<br>
            quickly scanned.<br>
            <font color="#888888"><br>
              -c.<br>
            </font>
            <div>
              <div class="h5"><br>
                _______________________________________________<br>
                Noisebridge-discuss mailing list<br>
                <a moz-do-not-send="true"
                  href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
                <a moz-do-not-send="true"
                  href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss"
                  target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
              </div>
            </div>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        Shannon Lee<br>
        (503) 539-3700<br>
        <br>
        "Any sufficiently analyzed magic is indistinguishable from
        science."<br>
      </div>
    </blockquote>
    <br>
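    <br>
    The lookup problem discussed in this thread, as an added example that
    is not part of the original messages: a fresh salted hash never matches
    a stored record, so a dial-in check has to scan every record. PBKDF2
    from the Python standard library stands in for bcrypt here (an
    assumption), and the function names, work factor and 555-01xx phone
    numbers are constructed for illustration.<br>
    <pre>
```python
import hashlib
import hmac
import os

ITERATIONS = 1000          # constructed low work factor so the demo runs fast
KEYSPACE = 2_360_000_000   # possible phone numbers, figure quoted in the thread

def hash_number(number, salt=None):
    """Salted slow hash; PBKDF2 stands in for bcrypt (assumption)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", number.encode(), salt, ITERATIONS)
    return salt, digest

def verify(number, record):
    """Recompute with the record's own stored salt, then compare."""
    salt, digest = record
    return hmac.compare_digest(hash_number(number, salt)[1], digest)

def index_lookup(number, table):
    """Hash the incoming number afresh and search the table for that hash."""
    return hash_number(number) in table

def scan_lookup(number, table):
    """What a dial-in check must do: one slow hash per stored record.
    Returns (matching position or None, number of hashes computed)."""
    for tries, record in enumerate(table, start=1):
        if verify(number, record):
            return tries - 1, tries
    return None, len(table)

def costs(records, seconds_per_hash):
    """(worst-case seconds per dial-in, seconds to try every possible
    number against every salted record) for a table size and hash cost."""
    return records * seconds_per_hash, KEYSPACE * records * seconds_per_hash

# Constructed sample data, not real member numbers.
MEMBERS = ["4155550100", "4155550101", "4155550102", "4155550103"]
TABLE = [hash_number(n) for n in MEMBERS]

if __name__ == "__main__":
    print("index lookup finds member:", index_lookup(MEMBERS[2], TABLE))
    print("scan lookup (position, hashes):", scan_lookup(MEMBERS[2], TABLE))
    print("costs at 0.25 s/hash:", costs(len(TABLE), 0.25))
```
    </pre>
    Both costs scale with the same per-hash time, which is the trade-off
    raised in the thread: raising the work factor slows enumeration and
    every dial-in check alike.<br>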
  </body>
</html>