[Noisebridge-discuss] Access control & Safety, both personal and general space.
jof at thejof.com
Thu Feb 9 00:49:04 UTC 2012
On Wed, Feb 8, 2012 at 4:40 PM, Casey Callendrello <c1 at caseyc.net> wrote:
> Right - we're not trying to prevent brute-forcing of the system, but to
> prevent exposing the cell phone numbers of members in the event the DB
> is compromised. I like the idea of hashing to a space smaller than 32
> bits (the complexity of currently-allocated US phone numbers).
And while most callers will be US-based, there are plenty of
non-NANPA-style numbers out there in other countries.
There's really no format specifier in caller ID, other than the
allowed characters. Kinda gross, but that's interop for ya.
I think if we were to go with bcrypt and just choose the same salt, or
deterministically pick one from the phone number, I think it'll do
what you're looking for.
More information about the Noisebridge-discuss