[Noisebridge-discuss] Access control & Safety, both personal and general space.

Casey Callendrello c1 at caseyc.net
Wed Feb 8 23:38:22 UTC 2012


On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:
> Perhaps bcrypt the phone number and store that instead? That way, you
> can verify that something's in there, but it can't be easily figured
> out what it is.

I'd thought about that. However, when a user dials in, we don't know
their username, so we have to just test their "password" (the phone
number) against every known entry. If the number of bcrypt rounds is
too high, then it takes forever. Is there a hashing function I should
choose that is efficient but will make just enumerating all passwords
too slow? There are about 2360000000 possible North American phone
numbers based on currently-allocated area codes.

I suppose bcrypt will be fine provided that all possible numbers can be 
quickly scanned.

-c.
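
The trade-off raised in this message, as an added example that is not part of the original post: every dial-in costs one slow hash per stored entry, while enumerating one salted entry costs one slow hash per possible number. It assumes PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt; the function names, iteration counts and 555-01xx numbers are constructed for illustration.

```python
import hashlib, hmac, os, time

SPACE = 2_360_000_000  # possible North American numbers (figure from the post)

def slow_hash(number: str, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for bcrypt here; both have a tunable work factor.
    return hashlib.pbkdf2_hmac("sha256", number.encode(), salt, iterations)

def enroll(number: str, iterations: int):
    salt = os.urandom(16)  # per-entry salt, as bcrypt would generate
    return salt, iterations, slow_hash(number, salt, iterations)

def lookup(caller_id: str, entries):
    """No username is known at dial-in, so every stored entry must be tried."""
    found = None
    for index, (salt, iterations, digest) in enumerate(entries):
        candidate = slow_hash(caller_id, salt, iterations)
        if hmac.compare_digest(candidate, digest):
            found = index  # keep scanning so timing does not reveal position
    return found

def seconds_per_hash(iterations: int, samples: int = 3) -> float:
    # Measure the per-hash cost on this machine for a given work factor.
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(samples):
        slow_hash("4155550100", salt, iterations)
    return (time.perf_counter() - start) / samples

def cost_model(hash_seconds: float, n_entries: int):
    """Return (seconds per dial-in, days to try the whole space on one entry)."""
    dial_in = hash_seconds * n_entries
    enumerate_days = hash_seconds * SPACE / 86_400  # single core, full space
    return dial_in, enumerate_days

if __name__ == "__main__":
    # Constructed sample data: fictional 555-01xx numbers.
    iterations = 50_000
    entries = [enroll(n, iterations) for n in ("4155550100", "5105550123", "6505550177")]
    print("match index:", lookup("5105550123", entries))
    t = seconds_per_hash(iterations)
    for members in (50, 500):
        dial_in, days = cost_model(t, members)
        print(f"{members} members: {dial_in:.2f}s per call, {days:,.0f} days per entry")
```

Both figures scale with the same per-hash time, so raising the work factor slows each dial-in by the same ratio as it slows enumeration.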



