Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hash Range Queries

luke crouch
December 18, 2018
Technology
0
96

Hash Range Queries

For simple, privacy-preserving data-sharing.

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
groovecoder
0
51
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
49
Cryptography: 500 BC to https
groovecoder
0
140
Mozilla Observatory First Draft
groovecoder
0
110
VPNs
groovecoder
0
110
Digital Privacy & Security
groovecoder
0
240
Cryptography: 500 BC to Quantum Computing
groovecoder
0
630
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
85
Can we protect Privacy without breaking the web
groovecoder
0
140

Other Decks in Technology

See All in Technology
AIコーディングの最前線 〜活用のコツと課題〜
pharma_x_tech
4
2.4k
Linuxのパッケージ管理とアップデート基礎知識
go_nishimoto
0
470
QA/SDETの現在と、これからの挑戦
imtnd
0
150
Amazon CloudWatch を使って NW 監視を行うには
o11yfes2023
0
180
Making a MIDI controller device with PicoRuby/R2P2 (RubyKaigi 2025 LT)
risgk
1
310
“パスワードレス認証への道" ユーザー認証の変遷とパスキーの関係
ritou
1
620
3D生成AIのための画像生成
kosukeito
1
210
Writing Ruby Scripts with TypeProf
mame
0
360
PdM採用とAIの製品活用を同時に頑張ってみた話 / EM oasis 20250418
rakus_dev
0
120
バックオフィス向け toB SaaS バクラクにおけるレコメンド技術活用 / recommender-systems-in-layerx-bakuraku
yuya4
5
570
Dynamic Reteaming And Self Organization
miholovesq
3
640
AWSのマルチアカウント管理 ベストプラクティス最新版 2025 / Multi-Account management on AWS best practice 2025
ohmura
4
320

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
41
2.2k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
357
30k
Gamification - CAS2011
davidbonilla
81
5.2k
Docker and Python
trallard
44
3.3k
The MySQL Ecosystem @ GitHub 2015
samlambert
251
12k
Visualization
eitanlees
146
16k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
13
1.4k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
400
Building a Modern Day 
E-commerce SEO Strategy
aleyda
40
7.2k
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k
Code Reviewing Like a Champion
maltzj
522
40k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
119
51k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.