[Noisebridge-discuss] Access control & Safety, both personal and general space.
John Adams
jna at retina.net
Thu Feb 9 02:34:05 UTC 2012
This is exactly the problem hashes were meant to solve. Just use a hash like md5 or, hash the numbers into strings and let the database sort it out.
You'll also want to salt the hashes, or otherwise it will be trivial to write a script to decode all numbers with a simple rainbow table attack.
Sent from my iPhone
On Feb 8, 2012, at 18:29, girlgeek <girlgeek at wt.net> wrote:
> YES! A list (database table with index) really should NOT take very long to search a couple of thousand records in real time if written correctly. (Don't start me about writing code correctly).
> -Claudia
> On 2/8/2012 3:40 PM, Shannon Lee wrote:
>>
>> If you have an index if bcrypt'd phone numbers, you can simply bcrypt the incoming number and search the index for that hash, yes?
>>
>> --S
>>
>> On Wed, Feb 8, 2012 at 3:38 PM, Casey Callendrello <c1 at caseyc.net> wrote:
>> On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:
>> > Perhaps bcrypt the phone number and store that instead? That way, you
>> > can verify that something's in there, but it can't be easily figured
>> > out what it is.
>>
>> I'd thought about that. However, when a user dials in, we don't know
>> their username, so we have to just test their
>> "password" (the phone number) against every known entry. If the number
>> of bcrypt rounds is too high, then it takes forever. Is there a hashing
>> function I should choose that is efficient but will make just
>> enumerating all passwords too slow? There are about 2360000000 possible
>> north-american phone numbers based on currently-allocated area codes.
>>
>> I suppose bcrypt will be fine provided that all possible numbers can be
>> quickly scanned.
>>
>> -c.
>>
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>>
>>
>> --
>> Shannon Lee
>> (503) 539-3700
>>
>> "Any sufficiently analyzed magic is indistinguishable from science."
>>
>>
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>>
>> No virus found in this message.
>> Checked by AVG - www.avg.com
>> Version: 2012.0.1834 / Virus Database: 2112/4796 - Release Date: 02/08/12
>>
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120208/7f541bc0/attachment.html>
More information about the Noisebridge-discuss
mailing list