Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

luke crouch
December 18, 2018
Technology
0
92

Hash Range Queries

For simple, privacy-preserving data-sharing.

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
groovecoder
0
51
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
48
Cryptography: 500 BC to https
groovecoder
0
140
Mozilla Observatory First Draft
groovecoder
0
110
VPNs
groovecoder
0
100
Digital Privacy & Security
groovecoder
0
240
Cryptography: 500 BC to Quantum Computing
groovecoder
0
610
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
83
Can we protect Privacy without breaking the web
groovecoder
0
140

Other Decks in Technology

See All in Technology
ソフトウェアプロジェクトの成功率が上がらない原因-「社会価値を考える」ということ-
ytanaka5569
0
140
新卒1年目のフロントエンド開発での取り組み/New grad front-end efforts
kaonavi
0
140
Road to SRE NEXT@仙台 IVRyの組織の形とSLO運用の現状
abnoumaru
1
450
Amazon Q Developer 他⽣成AIと⽐較してみた
takano0131
1
140
20250328_RubyKaigiで出会い鯛_____RubyKaigiから始まったはじめてのOSSコントリビュート.pdf
mterada1228
0
420
3/26 クラウド食堂LT #2 GenU案件を通して学んだ教訓 登壇資料
ymae
1
240
Cline、めっちゃ便利、お金が飛ぶ💸
iwamot
20
19k
20250328_OpenAI製DeepResearchは既に一種のAGIだと思う話
doradora09
PRO
0
180
MCP Documentation Server @AI Coding Meetup #1
yyoshiki41
1
2k
ペアーズにおけるData Catalog導入の取り組み
hisamouna
0
250
Multitenant 23ai の全貌 - 機能・設計・実装・運用からマイクロサービスまで
oracle4engineer
PRO
2
160
数百台のオンプレミスのサーバーをEKSに移行した話
yukiteraoka
0
770

Featured

See All Featured
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
7
630
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Done Done
chrislema
183
16k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
500
Side Projects
sachag
452
42k
Product Roadmaps are Hard
iamctodd
PRO
52
11k
Fireside Chat
paigeccino
37
3.4k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
KATA
mclloyd
29
14k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.4k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.