[Noisebridge-discuss] Access control & Safety, both personal and general space.

Jonathan Lassoff jof at thejof.com
Thu Feb 9 00:49:04 UTC 2012


On Wed, Feb 8, 2012 at 4:40 PM, Casey Callendrello <c1 at caseyc.net> wrote:
> Right - we're not trying to prevent brute-forcing of the system, but to
> prevent exposing the cell phone numbers of members in the event the DB
> is compromised. I like the idea of hashing to a space smaller than 32
> bits (the complexity of currently-allocated US phone numbers).

And while most callers will be US-based, there are plenty of
non-NANPA-style numbers out there in other countries.

There's really no format specifier in caller ID, other than the
allowed characters. Kinda gross, but that's interop for ya.

I think if we were to go with bcrypt and just choose the same salt, or
deterministically pick one from the phone number, I think it'll do
what you're looking for.

--j
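An added example (not part of the original message, and not Noisebridge's code) of the lookup scheme discussed in this message: a slow hash with either one shared salt or a salt derived from the number, so an incoming caller ID can be matched against stored tokens without storing the number. Assumptions: PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, and the digit-only normalization, the salt value, the iteration count and all function names are hypothetical.

```python
import hashlib
import hmac
import string

# Assumed parameters, not from the thread. PBKDF2 stands in for bcrypt so the
# example runs on the standard library alone.
ITERATIONS = 50_000
FIXED_SALT = b"constructed-site-wide-salt"  # constructed sample value


def normalize(caller_id):
    """Keep ASCII digits only. Caller ID carries no format specifier, so
    this is a local policy choice; it must be applied identically at
    enrollment and at lookup or the tokens will not match."""
    return "".join(ch for ch in caller_id if ch in string.digits)


def derived_salt(number):
    """Second option in the message: derive the salt from the number."""
    return hashlib.sha256(b"salt:" + number.encode()).digest()[:16]


def phone_token(caller_id, per_number_salt=False):
    """Deterministic token: the same number always gives the same output,
    which is what allows an equality lookup in the database."""
    number = normalize(caller_id)
    salt = derived_salt(number) if per_number_salt else FIXED_SALT
    raw = hashlib.pbkdf2_hmac("sha256", number.encode(), salt, ITERATIONS)
    return raw.hex()


def is_member(caller_id, stored_tokens):
    """Match an incoming caller ID against the stored tokens."""
    token = phone_token(caller_id)
    return any(hmac.compare_digest(token, t) for t in stored_tokens)


def enumeration_hours(seconds_per_hash, keyspace=2**32):
    """Single-core time to hash every candidate in a 32-bit number space,
    i.e. what the chosen work factor buys if the DB is compromised."""
    return keyspace * seconds_per_hash / 3600


if __name__ == "__main__":
    db = {phone_token("+1 (415) 555-0100")}  # constructed sample number
    print(is_member("14155550100", db), is_member("14155550199", db))
    print(round(enumeration_hours(0.1)), "hours at 0.1 s per hash")
```

Because the salt is a function of the input in both variants, neither adds secrecy on its own; the protection comes from the per-guess cost multiplied by the size of the number space.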


