Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

luke crouch
December 18, 2018
Technology
0
68

Hash Range Queries

For simple, privacy-preserving data-sharing.

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
22
Cryptography: 500 BC to https
groovecoder
0
75
Mozilla Observatory First Draft
groovecoder
0
77
VPNs
groovecoder
0
64
Digital Privacy & Security
groovecoder
0
220
Cryptography: 500 BC to Quantum Computing
groovecoder
0
350
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
56
Can we protect Privacy without breaking the web
groovecoder
0
110
Google Safe Browsing (High Level)
groovecoder
0
58

Other Decks in Technology

See All in Technology
web-application-security
matsuihidetoshi
0
140
FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点
kenichirokimura
1
490
コードを書く隙間を見つけて生きていく技術/Findy 思考の現在地
fujiwara3
27
5.8k
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
190
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
MapLibreとAmazon Location Service
dayjournal
1
150
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
0
100
Janus
bkuhlmann
1
490
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
220
Kernel MemoryでAzure OpenAI Serviceとお手軽データソース連携
mitsuzono
1
190
Google Cloud の AI を支える裏側のインフラを垣間見る!
maroon1st
0
340
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
180

Featured

See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
What the flash - Photography Introduction
edds
64
11k
Designing with Data
zakiwarfel
96
4.8k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k
Testing 201, or: Great Expectations
jmmastey
28
6.3k
Building Applications with DynamoDB
mza
88
5.6k
A Philosophy of Restraint
colly
197
16k
Principles of Awesome APIs and How to Build Them.
keavy
121
16k
Stop Working from a Prison Cell
hatefulcrawdad
266
19k
A better future with KSS
kneath
231
16k
Into the Great Unknown - MozCon
thekraken
10
990
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.