Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

Avatar for luke crouch luke crouch
December 18, 2018
Technology
0
110

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
65
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
53
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
160
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
120
VPNs
Avatar for luke crouch groovecoder
0
120
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
250
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
690
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
95
Can we protect Privacy without breaking the web
Avatar for luke crouch groovecoder
0
150

Other Decks in Technology

See All in Technology
OPENLOGI Company Profile for engineer
Avatar for OPENLOGI hr01
1
38k
Serverless Meetup #21
Avatar for 吉田真吾 yoshidashingo
1
120
結局QUICで通信は速くなるの?
Avatar for kota-yata kota_yata
1
770
MCP認可の現在地と自律型エージェント対応に向けた課題 / MCP Authorization Today and Challenges to Support Autonomous Agents
Avatar for Yoichi Kawasaki yokawasa
5
2.3k
風が吹けばWHOISが使えなくなる~なぜWHOIS・RDAPはサーバー証明書のメール認証に使えなくなったのか~
Avatar for Yasuhiro Orange Morishita / 森下泰宏 orangemorishita
15
5.7k
20250807 Applied Engineer Open House
Avatar for Sakana AI sakana_ai
PRO
2
350
Foundation Model × VisionKit で実現するローカル OCR
Avatar for SansanTech sansantech
PRO
1
360
テストを実行してSorbetのsigを書こう!
Avatar for SansanTech sansantech
PRO
1
100
AI時代の大規模データ活用とセキュリティ戦略
Avatar for Kengo Suzuki ken5scal
0
100
ユーザー課題を愛し抜く――AI時代のPdM価値
Avatar for KAKEHASHI kakehashi
PRO
1
120
Jamf Connect ZTNAとMDMで実現! 金融ベンチャーにおける「デバイストラスト」実例と軌跡 / Kyash Device Trust
Avatar for Jun Watanabe rela1470
1
200
LLMをツールからプラットフォームへ〜Ai Workforceの戦略〜 #BetAIDay
Avatar for LayerX layerx
PRO
1
980

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
36
2.5k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
28
3.9k
It's Worth the Effort
Avatar for 3n 3n
185
28k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
179
9.9k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
23
1.4k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.5k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
5.9k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
44
2.4k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
60k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
6k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.4k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.