Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

luke crouch
December 18, 2018
Technology
0
88

Hash Range Queries

For simple, privacy-preserving data-sharing.

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
groovecoder
0
45
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
45
Cryptography: 500 BC to https
groovecoder
0
120
Mozilla Observatory First Draft
groovecoder
0
100
VPNs
groovecoder
0
100
Digital Privacy & Security
groovecoder
0
230
Cryptography: 500 BC to Quantum Computing
groovecoder
0
560
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
76
Can we protect Privacy without breaking the web
groovecoder
0
130

Other Decks in Technology

See All in Technology
飲食店予約台帳を支えるインタラクティブ UI 設計と実装
siropaca
7
1.8k
2024.02.19 W&B AIエージェントLT会 / AIエージェントが業務を代行するための計画と実行 / Algomatic 宮脇
smiyawaki0820
13
3.4k
2/18/25: Java meets AI: Build LLM-Powered Apps with LangChain4j
edeandrea
PRO
0
120
Cloud Spanner 導入で実現した快適な開発と運用について
colopl
1
660
Goで作って学ぶWebSocket
ryuichi1208
1
880
Nekko Cloud、 これまでとこれから ~学生サークルが作る、 小さなクラウド
logica0419
2
970
人はなぜISUCONに夢中になるのか
kakehashi
PRO
6
1.7k
(機械学習システムでも) SLO から始める信頼性構築 - ゆる SRE#9 2025/02/21
daigo0927
0
120
モノレポ開発のエラー、誰が見る?Datadog で実現する適切なトリアージとエスカレーション
biwashi
6
810
Helm , Kustomize に代わる !? 次世代 k8s パッケージマネージャー Glasskube 入門 / glasskube-entry
parupappa2929
0
250
ビジネスモデリング道場 目的と背景
masuda220
PRO
9
520
OpenID BizDay#17 KYC WG活動報告(法人) / 20250219-BizDay17-KYC-legalidentity
oidfj
0
250

Featured

See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
Navigating Team Friction
lara
183
15k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Docker and Python
trallard
44
3.3k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
12
960
Rails Girls Zürich Keynote
gr2m
94
13k
Producing Creativity
orderedlist
PRO
344
39k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
Designing for humans not robots
tammielis
250
25k
Building Flexible Design Systems
yeseniaperezcruz
328
38k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.