<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
No, because bcrypt randomly generates a salt and stores it in the
password hash. So you can only compare given plaintext against a
specific, already-existing hash.<br>
<br>
--Casey<br>
<br>
On 2/8/2012 3:40 PM, Shannon Lee wrote:
<blockquote
cite="mid:CAGjxht=tLp-GqZCQUsPc+NX+Kcp2tJEpP1QeFHQMpv4FuNgncg@mail.gmail.com"
type="cite">If you have an index if bcrypt'd phone numbers, you
can simply bcrypt the incoming number and search the index for
that hash, yes?
<div><br>
</div>
<div>--S<br>
<br>
<div class="gmail_quote">On Wed, Feb 8, 2012 at 3:38 PM, Casey
Callendrello <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:c1@caseyc.net">c1@caseyc.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:<br>
> Perhaps bcrypt the phone number and store that
instead? That way, you<br>
> can verify that something's in there, but it can't be
easily figured<br>
> out what it is.<br>
<br>
</div>
I'd thought about that. However, when a user dials in, we
don't know<br>
their username, so we have to just test their<br>
"password" (the phone number) against every known entry. If
the number<br>
of bcrypt rounds is too high, then it takes forever. Is
there a hashing<br>
function I should choose that is efficient but will make
just<br>
enumerating all passwords too slow? There are about
2360000000 possible<br>
north-american phone numbers based on currently-allocated
area codes.<br>
<br>
I suppose bcrypt will be fine provided that all possible
numbers can be<br>
quickly scanned.<br>
<font color="#888888"><br>
-c.<br>
</font>
<div>
<div class="h5"><br>
_______________________________________________<br>
Noisebridge-discuss mailing list<br>
<a moz-do-not-send="true"
href="mailto:Noisebridge-discuss@lists.noisebridge.net">Noisebridge-discuss@lists.noisebridge.net</a><br>
<a moz-do-not-send="true"
href="https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss"
target="_blank">https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Shannon Lee<br>
(503) 539-3700<br>
<br>
"Any sufficiently analyzed magic is indistinguishable from
science."<br>
</div>
</blockquote>
<br>
</body>
</html>