Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Hash Range Queries
Search
luke crouch
December 18, 2018
Technology
130
0
Share
Hash Range Queries
For simple, privacy-preserving data-sharing.
luke crouch
December 18, 2018
More Decks by luke crouch
See All by luke crouch
Mr. Brokebot: Lethal language attacks against AI agents
groovecoder
0
45
Pigeons to Padlocks: 5000 years of Network Security
groovecoder
0
99
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
80
Cryptography: 500 BC to https
groovecoder
0
190
Mozilla Observatory First Draft
groovecoder
0
140
VPNs
groovecoder
0
150
Digital Privacy & Security
groovecoder
0
270
Cryptography: 500 BC to Quantum Computing
groovecoder
0
1k
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
120
Other Decks in Technology
See All in Technology
最初の一歩を踏み出せなかった私が、誰かの背中を押したいと思うようになるまで / give someone a push
mii3king
0
160
[OAWTT26][THR1028] Oracle AI Database 26ai へのアップグレード:ベストプラクティスと最新情報
oracle4engineer
PRO
1
110
小説執筆のハーネスエンジニアリング
yoshitetsu
0
740
AWS DevOps Agentはチームメイトになれるのか?/ Can AWS DevOps Agent become a teammate
kinunori
6
750
クラウドネイティブな開発 ~ 認知負荷に立ち向かうためのコンテナ活用
literalice
0
140
20260423_執筆の工夫と裏側 技術書の企画から刊行まで / From the planning to the publication of technical book
nash_efp
3
420
自立を加速させる神器 - EMOasis #11
stanby_inc
0
150
AI時代における技術的負債への取り組み
codenote
1
1.7k
国内外の生成AIセキュリティの最新動向 & AIガードレール製品「chakoshi」のご紹介 / Latest Trends in Generative AI Security (Domestic & International) & Introduction to AI Guardrail Product "chakoshi"
nttcom
4
1.3k
Standards et agents IA : un tour d’horizon de MCP, A2A, ADK et plus encore
glaforge
0
190
AIが書いたコードを信じられない問題 〜レビュー負荷を下げるために変えたこと〜 / The AI Code Trust Gap: Reducing the Review Burden
bitkey
PRO
8
1.3k
AI駆動1on1〜AIに自分を育ててもらう〜
yoshiakiyasuda
0
130
Featured
See All Featured
30 Presentation Tips
portentint
PRO
1
280
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
410
GraphQLとの向き合い方2022年版
quramy
50
15k
A Modern Web Designer's Workflow
chriscoyier
698
190k
How to Ace a Technical Interview
jacobian
281
24k
Done Done
chrislema
186
16k
The SEO identity crisis: Don't let AI make you average
varn
0
450
How to Talk to Developers About Accessibility
jct
2
180
Mozcon NYC 2025: Stop Losing SEO Traffic
samtorres
0
210
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
150
4 Signs Your Business is Dying
shpigford
187
22k
Navigating Weather and Climate Data
rabernat
0
170
Transcript
Hash Range Queries For simple, privacy-preserving data-sharing
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea
https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is
interested in this password. Maybe not that interesting for a widely-used value …
https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my
little pony character with vowels replaced with numbers?
Do you trust the person operating the service? • Are
they doing something else with the data? • Are they securing the data?
None
How can a client get a single record from a
server without revealing the record identifier to the server?
The Easiest Way: Hashed Identifiers
None
None
But rainbow tables exist
None
The Hard Way: Private Set Intersection
None
None
The Middle Way: k-Anonymity
https://en.wikipedia.org/wiki/K-anonymity Every record is unique
https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender
+ State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate
hashes into anonymized "buckets".
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash
…
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same
anonymized "bucket" as that hash … {
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.
groovecoder
mii3king
oracle4engineer
yoshitetsu
kinunori
literalice
nash_efp
stanby_inc
codenote
nttcom
glaforge
bitkey
.png){kind=avatar}
yoshiakiyasuda
portentint
konakalab
quramy
chriscoyier
jacobian
chrislema
varn
jct
samtorres
techseoconnect
shpigford
rabernat
