Given a bcrypt password (the hash) and the secret key, and reasonably high complexity settings, would it be safe to assume that it wouldn’t be practical to bruteforce that data?
I’m wondering how a system could be built in which we don’t know details of reports for ugly mugs, but so that those lists can be shared. It must be searchable by those fields
That is, the way current ugly mugs systems work is by individuals sharing details in mailing lists, spreadsheets and private facebook groups (this is becoming ever more prevalent) — the main problem with this is the data privacy, I don’t think majority of providers link to a privacy policy in their ads, hence violating GDPR
So the question is, how can we store that data in a secure way, and allow it to be federated / distributed for resiliency without violating laws or breaching privacy?
@MistressEmelia if you have more questions about their technical setup you can e-mail brad@pinkdate.is. for general questions about provider safety policy, e-mail sarah@pinkdate.is or visit their slack:
SA adjacent Show more
@MistressEmelia
I'm reminded of https://www.theverge.com/2017/12/21/16807116/infosec-community-sexual-predators-weinstein-assault where people shared hashes to check against.
But maybe you're asking a law question? I'm not qualified to answer those.