Argon2 is hard to generate with modern hardware and CPUs. What you could do, to make it even harder, is generate each phone number hash with a deterministic hash (0-16 prepended) and, when looking up, generate all 16 hashes and then match against the stored hashes. Not a foolproof approach, since you literally need a rainbow table, but it would take years for anyone determined to brute force it. And storing such a table would take a few TB of storage (not much but). One more way, that will make lookup a pain, is to salt it and then compute for each comparison, but then it will take ages in normal use.
Short of finding a compromise (spend 10 seconds to compute n hashes that will be used for lookup), I see no other way. 🐶🐾🤔
If I’m reading this right:
argon2(
  argon2(
    argon2(bob + first digit), bob + second digit) … ) ?
Argon2 per digit of the number, appending the hash in each iteration. Not sure how complex that will be, but all you need is to have it compute in 1-3 seconds on a modern phone 🐶🐾🤔
@jb55 @The Fishcake🐶🐾 doing 16 rounds of argon2 on (number + first block of the month) and a ratelimit on the server seems like a better choice
If it’s on relay, then there are no limits. I think we are talking public storage of that db 🐶🐾🤣
Something like that? 🐶🐾🤔
function hashPhoneNumber(phoneNumber):
    hashedValue = ""
    for each digit in phoneNumber:
        if hashedValue is empty:
            hashedValue = argon2Hash(digit)
        else:
            concatenated = hashedValue + digit
            hashedValue = argon2Hash(concatenated)
    return hashedValue
I like this. It would be crazy hard to build a table for this, maybe by setting a large iteration security parameter? I would just have an initial salt value just in case this approach gets standardized, but otherwise I’m leaning toward this. I don’t think you would even need the name to simplify it.
I think so! And with the hardest iteration number you’ll make it close to impossible to table for the next 5-10 years, which is sufficient for this level of information 🐶🐾🫡
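The per-digit chain from the pseudocode above, with the fixed initial salt suggested in the reply, as an added runnable example (not code from anyone in the thread). Assumptions: the standard library's scrypt stands in for Argon2 so the block runs without extra packages, and the salt, cost values and phone numbers are constructed. It also counts how many slow-hash calls hashing every number of a given length takes when shared prefixes are computed once.

```python
import hashlib

# Assumed values, not from the thread.
DOMAIN_SALT = b"example-phone-lookup-v1"    # fixed, public "initial salt"
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**12, 8, 1  # demo cost; raise for real use


def slow_hash(data: bytes) -> bytes:
    """One memory-hard hash call (scrypt here, Argon2 in the thread)."""
    return hashlib.scrypt(data, salt=DOMAIN_SALT, n=SCRYPT_N,
                          r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def normalize(phone_number: str) -> str:
    """Keep ASCII digits only so differently formatted inputs match."""
    digits = "".join(ch for ch in phone_number if ch in "0123456789")
    if not 1 <= len(digits) <= 15:          # E.164 allows at most 15 digits
        raise ValueError("not a plausible phone number")
    return digits


def hash_phone_number(phone_number: str) -> bytes:
    """Chain one slow hash per digit: state = H(previous_state || digit)."""
    state = b""
    for digit in normalize(phone_number):
        state = slow_hash(state + digit.encode("ascii"))
    return state


def lookup(stored: dict, phone_number: str):
    """Recompute the chain and use it as the key into the stored hashes."""
    return stored.get(hash_phone_number(phone_number))


def enumeration_calls(num_digits: int) -> int:
    """Slow-hash calls to hash every number of this length when each shared
    prefix is hashed once: 10 + 10^2 + ... + 10^n. Size the per-call cost
    against this total, not against digits x per-call time."""
    return sum(10 ** k for k in range(1, num_digits + 1))


if __name__ == "__main__":
    number = "+1 (555) 010-0199"            # constructed sample number
    table = {hash_phone_number(number): "npub-placeholder"}
    print(lookup(table, "15550100199"))     # same digits, other formatting
    print(enumeration_calls(10))            # total calls for 10-digit numbers
```

A single lookup costs one slow hash per digit, while the count returned by `enumeration_calls` works out to roughly 1.1 calls per number across the whole space, which is the figure to weigh when choosing the cost parameter.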
You all are so fucking smart it’s ridiculous
But as usual, we're solving problems from a technical perspective. 😞
what do you propose to solve this problem?
I propose not to stick with that old "phone number" stuff. Just don't do it, it's not necessary, we have nip05, I.e.
Using phone numbers for nsecs is like using coinbase for #Bitcoin.