Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for luke crouch luke crouch
December 18, 2018
Technology
0
130

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Mr. Brokebot: Lethal language attacks against AI agents
Avatar for luke crouch groovecoder
0
30
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
91
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
71
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
180
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
140
VPNs
Avatar for luke crouch groovecoder
0
140
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
270
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
990
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
120

Other Decks in Technology

See All in Technology
マイグレーションガイドに書いてないRiverpod 3移行話
Avatar for AOKI Taiju taiju59
0
300
ローカルでLLMを使ってみよう
Avatar for kosmosebi kosmosebi
0
200
Goで実現する堅牢なアーキテクチャ:DDD、gRPC-connect、そしてAI協調開発の実践
Avatar for fujidomoe fujidomoe
3
770
OCI技術資料 : 外部接続 VPN接続 詳細
Avatar for Oracle Cloud Infrastructure ソリューション・エンジニア ocise
1
10k
「データとの対話」の現在地と未来
Avatar for kobakou kobakou
0
780
LINEアプリ開発のための Claude Code活用基盤の構築
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
1k
バニラVisaギフトカードを棄てるのは結構大変
Avatar for meow meow_noisy
0
150
Claude Codeと駆け抜ける 情報収集と実践録
Avatar for sontixyou sontixyou
1
1.1k
Intro SAGA Event Space
Avatar for midnight480 midnight480
0
160
LY Tableauでの Tableau x AIの実践 (at Tableau Now! - 2026-02-26)
Avatar for Yoshitaka Arakawa yoshitakaarakawa
0
770
大規模な組織におけるAI Agent活用の促進と課題
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
4
6.1k
Eight Engineering Unit 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.8k

Featured

See All Featured
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
8.1k
The Cost Of JavaScript in 2023
Avatar for Addy Osmani addyosmani
55
9.7k
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
Avatar for Helen Beal helenjbeal
1
130
Docker and Python
Avatar for Tania Allard trallard
47
3.7k
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
710
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
63
53k
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
1.7k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
14k
Visualization
Avatar for Eitan Lees eitanlees
150
17k
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.6k
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.3k
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
Avatar for Kenny Baas-Schwegler baasie
0
470

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.