[Noisebridge-discuss] Access control & Safety, both personal and general space.
ryan rawson
ryanobjc at gmail.com
Thu Feb 9 05:24:46 UTC 2012
Salts don't work anymore.
Sent from your iPhone
On Feb 8, 2012, at 6:34 PM, John Adams <jna at retina.net> wrote:
> This is exactly the problem hashes were meant to solve. Just use a hash like md5, or hash the numbers into strings and let the database sort it out.
>
> You'll also want to salt the hashes, or otherwise it will be trivial to write a script to decode all numbers with a simple rainbow table attack.
>
> Sent from my iPhone
>
> On Feb 8, 2012, at 18:29, girlgeek <girlgeek at wt.net> wrote:
>
>> YES! A list (database table with index) really should NOT take very long to search a couple of thousand records in real time if written correctly. (Don't start me about writing code correctly).
>> -Claudia
>> On 2/8/2012 3:40 PM, Shannon Lee wrote:
>>>
>>> If you have an index of bcrypt'd phone numbers, you can simply bcrypt the incoming number and search the index for that hash, yes?
>>>
>>> --S
>>>
>>> On Wed, Feb 8, 2012 at 3:38 PM, Casey Callendrello <c1 at caseyc.net> wrote:
>>> On 2/8/2012 1:39 PM, Jonathan Lassoff wrote:
>>> > Perhaps bcrypt the phone number and store that instead? That way, you
>>> > can verify that something's in there, but it can't be easily figured
>>> > out what it is.
>>>
>>> I'd thought about that. However, when a user dials in, we don't know
>>> their username, so we have to just test their
>>> "password" (the phone number) against every known entry. If the number
>>> of bcrypt rounds is too high, then it takes forever. Is there a hashing
>>> function I should choose that is efficient but will make just
>>> enumerating all passwords too slow? There are about 2360000000 possible
>>> north-american phone numbers based on currently-allocated area codes.
>>>
>>> I suppose bcrypt will be fine provided that all possible numbers can be
>>> quickly scanned.
>>>
>>> -c.
>>>
>>> _______________________________________________
>>> Noisebridge-discuss mailing list
>>> Noisebridge-discuss at lists.noisebridge.net
>>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>>
>>>
>>>
>>> --
>>> Shannon Lee
>>> (503) 539-3700
>>>
>>> "Any sufficiently analyzed magic is indistinguishable from science."
>>>
>>>
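Added example (not from the thread or from any Noisebridge code): a sketch of the trade-off discussed above, where a per-record salt forces one slow hash per stored record on every call, while a single shared salt allows an index lookup but lets one pass over the number space cover the whole table. PBKDF2 from Python's standard library stands in for bcrypt; the class names, round count, 0.1 s per hash, 2000-record table and phone numbers are assumptions made up for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 20_000           # assumed work factor; PBKDF2 stands in for bcrypt here
KEYSPACE = 2_360_000_000  # possible North American numbers, figure from the thread

def slow_hash(number: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", number.encode(), salt, ROUNDS)

class PerEntrySaltStore:
    """Random salt per record: a caller must be tested against every record."""
    def __init__(self):
        self.records = []

    def enroll(self, number: str) -> None:
        salt = os.urandom(16)
        self.records.append((salt, slow_hash(number, salt)))

    def lookup(self, number: str):
        """Return (found, hashes_computed); always scans the whole table."""
        found = False
        for salt, digest in self.records:
            found |= hmac.compare_digest(slow_hash(number, salt), digest)
        return found, len(self.records)

class SharedSaltStore:
    """One site-wide salt: one hash per call, then an indexed set lookup."""
    def __init__(self, salt: bytes):
        self.salt = salt
        self.index = set()

    def enroll(self, number: str) -> None:
        self.index.add(slow_hash(number, self.salt))

    def lookup(self, number: str):
        return slow_hash(number, self.salt) in self.index, 1

def enumeration_days(seconds_per_hash: float, records: int, per_entry_salt: bool) -> float:
    """Days to hash every possible number against a copied table."""
    passes = records if per_entry_salt else 1  # shared salt: one pass covers all
    return seconds_per_hash * KEYSPACE * passes / 86_400

if __name__ == "__main__":
    members = ["4155550101", "4155550102", "4155550103"]  # constructed numbers
    per_entry, shared = PerEntrySaltStore(), SharedSaltStore(os.urandom(16))
    for m in members:
        per_entry.enroll(m)
        shared.enroll(m)
    print(per_entry.lookup("4155550103"), shared.lookup("4155550103"))
    print(enumeration_days(0.1, 2000, False), enumeration_days(0.1, 2000, True))
```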