Oddbean new post about | logout
fishcake | 6 months ago (raw) | root | parent | reply | flag +1 
 Argon2 is hard to generate with the modern hardware and CPU. What you could do is, to make it even harder, is generate each phone number hash with deterministic hash (0-16 prepended) and when looking up, generate all 16 hashes and then match against stored hashes. Not fool proof approach, since you literally need a rainbow table, but would take years for anyone determined to bruit force it. And storing such table would take a few TB of storage (not much but). One more way, that will make lookup a pain, is to salt it and then compute for each comparison, but then it will take ages in normal use. 

Short of finding a compromise (spend 10 seconds to compute n hashes that will be used for lookup), I see no other way. 🐶🐾🤔
jb55 | 6 months ago (raw) | root | parent | reply | flag +1 
 If i’m reading this right:

argon2(
  argon2(
   argon2(bob + first digit), bob + second digit) … ) ?
fishcake | 6 months ago (raw) | root | parent | reply | flag 
 Argon2 per digit of the number appending hash in each iteration. Not sure how complex that will be, but all you need is to have it compute in 1-3 second on the modern phone 🐶🐾🤔
e312cfb5 | 6 months ago (raw) | root | parent | reply | flag 
 @jb55 @fishcake doing 16 rounds of argon2 on (number + first block of the month) and a ratelimit on the server seems like a better choice
fishcake | 6 months ago (raw) | root | parent | reply | flag 
 If it’s on relay, then there are no limits. I think we are talking public storage of that db 🐶🐾🤣
fishcake | 6 months ago (raw) | root | parent | reply | flag 
 Something like that? 🐶🐾🤔

function hashPhoneNumber(phoneNumber):
    hashedValue = ""
    
    for each digit in phoneNumber:
        if hashedValue is empty:
            hashedValue = argon2Hash(digit)
        else:
            concatenated = hashedValue + digit
            hashedValue = argon2Hash(concatenated)
    
    return hashedValue
jb55 | 6 months ago (raw) | root | parent | reply | flag +2 
 I like this. It would be crazy hard to build a table for this, maybe by setting a large iteration security parameter? I would just have an initial salt value just in case this approach gets standardized, but otherwise I’m leaning toward this. I don’t think you would even need the name to simplify it.
fishcake | 6 months ago (raw) | root | parent | reply | flag +1 
 I think so! And we hardest iteration number you’ll make it close to impossible to table for the next 5-10 years, which is sufficient for this level of information 🐶🐾🫡
bostonwine | 6 months ago (raw) | root | parent | reply | flag 
 You all are so fucking smart it’s ridiculous
Raymon | 6 months ago (raw) | root | parent | reply | flag 
 But as usual, we're solving problems from a technical perspective. 😞
jb55 | 6 months ago (raw) | root | parent | reply | flag 
 what do you propose to solve this problem?
Raymon | 6 months ago (raw) | root | parent | reply | flag 
 I propose not to stick with that old "phone number" stuff. Just don't do it, it's not necessary, we have nip05, I.e.
Raymon | 6 months ago (raw) | root | parent | reply | flag 
 Using phone numbers for nsecs is like using coinbase for #Bitcoin.