Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

Avatar for luke crouch luke crouch
December 18, 2018
Technology
0
120

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Mr. Brokebot: Lethal language attacks against AI agents
Avatar for luke crouch groovecoder
0
29
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
87
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
68
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
180
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
140
VPNs
Avatar for luke crouch groovecoder
0
140
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
270
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
990
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
110

Other Decks in Technology

See All in Technology
Agile Leadership Summit Keynote 2026
Avatar for seki at druby.org m_seki
1
440
SREじゃなかった僕らがenablingを通じて「SRE実践者」になるまでのリアル / SRE Kaigi 2026
Avatar for AEON aeonpeople
6
2.1k
変化するコーディングエージェントとの現実的な付き合い方 〜Cursor安定択説と、ツールに依存しない「資産」〜
Avatar for empitsu empitsu
4
1.3k
Context Engineeringの取り組み
Avatar for nutslove nutslove
0
280
All About Sansan – for New Global Engineers
Avatar for Sansan, Inc. sansan33
PRO
1
1.3k
15 years with Rails and DDD (AI Edition)
Avatar for Andrzej Krzywda andrzejkrzywda
0
180
小さく始めるBCP ― 多プロダクト環境で始める最初の一歩
Avatar for kekke-n kekke_n
1
350
(金融庁共催)第4回金融データ活用チャレンジ勉強会資料
Avatar for tak takumimukaiyama
0
130
なぜ今、コスト最適化(倹約)が必要なのか? ~AWSでのコスト最適化の進め方「目的編」~
Avatar for Hayato Tan htan
1
110
広告の効果検証を題材にした因果推論の精度検証について
Avatar for ZOZO Developers zozotech
PRO
0
120
データの整合性を保ちたいだけなんだ
Avatar for ShoheiMitani shoheimitani
8
2.9k
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
24k

Featured

See All Featured
The Language of Interfaces
Avatar for Des Traynor destraynor
162
26k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
51k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
160
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
160
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6k
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
0
350
The SEO identity crisis: Don't let AI make you average
Avatar for Varn varn
0
64
The Mindset for Success: Future Career Progression
Avatar for Greg Gifford greggifford
PRO
0
230
Lightning Talk: Beautiful Slides for Beginners
Avatar for Ines Montani inesmontani
PRO
1
430
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
2
1.9k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.