[Noisebridge-discuss] Access control & Safety, both personal and general space.
Shannon Lee
shannon at scatter.com
Wed Feb 8 23:40:55 UTC 2012
If you have an index if bcrypt'd phone numbers, you can simply bcrypt the
incoming number and search the index for that hash, yes?
--S
On Wed, Feb 8, 2012 at 3:38 PM, Casey Callendrello <c1 at caseyc.net> wrote:
> On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:
> > Perhaps bcrypt the phone number and store that instead? That way, you
> > can verify that something's in there, but it can't be easily figured
> > out what it is.
>
> I'd thought about that. However, when a user dials in, we don't know
> their username, so we have to just test their
> "password" (the phone number) against every known entry. If the number
> of bcrypt rounds is too high, then it takes forever. Is there a hashing
> function I should choose that is efficient but will make just
> enumerating all passwords too slow? There are about 2360000000 possible
> north-american phone numbers based on currently-allocated area codes.
>
> I suppose bcrypt will be fine provided that all possible numbers can be
> quickly scanned.
>
> -c.
>
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
--
Shannon Lee
(503) 539-3700
"Any sufficiently analyzed magic is indistinguishable from science."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20120208/02e7f5aa/attachment-0003.html>
More information about the Noisebridge-discuss
mailing list