[Noisebridge-discuss] Access control & Safety, both personal and general space.

Daniel Pitts coloraura.com at gmail.com
Wed Feb 8 23:49:55 UTC 2012


On 2/8/12 1:39 PM, Jonathan Lassoff wrote:
> On Wed, Feb 8, 2012 at 1:31 PM, Casey Callendrello <c1 at caseyc.net> wrote:
>> I like this classification, with one caveat: Only the Treasurer + Board
>> should be able to define Consensed Members. If this is enshrined in some
>> sort of system running on Pony, then anyone with sudo will be able to
>> l33t h4x0r it, but that's probably okay.
>>
>> One possible issue: if this is somehow stored programmatically and used
>> for Caller-ID access, then there *will* be, on disk, a list of member
>> pseudonyms and their phone numbers (opt-in, of course). I think the
>> presence of such a list is okay, and I'm comfortable with my own number
>> being there, but if someone is offended by the mere presence of such a
>> list *and* has a better suggestion, I'm all ears.
> Perhaps bcrypt the phone number and store that instead? That way, you
> can verify that something's in there, but it can't be easily figured
> out what it is.
There isn't much point in encrypting a phone number; the number of bits
of entropy is so low that a brute-force attack would be *extremely* easy
to execute.
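
To put numbers on the low-entropy point in the reply above, here is an added example (not part of the original thread) that sizes the phone-number keyspace, times a slow hash on the local machine, and checks one constructed entry. It assumes 10-digit numbers and uses PBKDF2 from the Python standard library as a stand-in for bcrypt; the salt, work factor, function names and the fictional 555-01xx number are all constructed for illustration.

```python
import hashlib
import math
import time
from typing import Optional

# Assumptions: 10-digit numbers; PBKDF2-HMAC-SHA256 (stdlib) stands in for bcrypt.
SALT = b"constructed-demo-salt"  # stored beside the hashes, so anyone reading the disk has it
ITERATIONS = 2_000               # hypothetical work factor


def slow_hash(number: str) -> bytes:
    """Deliberately slow hash of a phone number given as a digit string."""
    return hashlib.pbkdf2_hmac("sha256", number.encode(), SALT, ITERATIONS)


def keyspace_bits(digits: int = 10) -> float:
    """Upper bound on the entropy of a number with this many decimal digits."""
    return digits * math.log2(10)


def worst_case_days(digits: int = 10, cores: int = 1, samples: int = 20) -> float:
    """Time slow_hash on this machine, then scale to the whole keyspace."""
    start = time.perf_counter()
    for i in range(samples):
        slow_hash(f"{i:0{digits}d}")
    per_hash = (time.perf_counter() - start) / samples
    return (10 ** digits) * per_hash / cores / 86_400


def recover(stored: bytes, prefix: str, unknown_digits: int) -> Optional[str]:
    """Return the number whose hash equals `stored`, trying every suffix after `prefix`."""
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if slow_hash(candidate) == stored:
            return candidate
    return None


if __name__ == "__main__":
    print(f"keyspace: {keyspace_bits():.1f} bits")
    print(f"full enumeration, one core: {worst_case_days():.1f} days")
    # Constructed entry: a fictional 555-01xx number with area code and exchange known.
    stored = slow_hash("4155550142")
    print("recovered:", recover(stored, "415555", 4))
```

Raising the work factor scales the estimate linearly, but the keyspace stays at about 33 bits, and the same per-hash cost is paid on every legitimate Caller-ID lookup.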


