Hash Range Queries
luke crouch
December 18, 2018
For simple, privacy-preserving data-sharing.
Transcript
Hash Range Queries For simple, privacy-preserving data-sharing
Not my original idea:
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
https://api.pwnedpasswords.com/pwnedpassword/password
A request for a single password reveals who is interested in this password. Maybe not that interesting for a widely-used value …
https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13
But how many people would use their favorite My Little Pony character with vowels replaced with numbers?
Do you trust the person operating the service?
• Are they doing something else with the data?
• Are they securing the data?
How can a client get a single record from a server without revealing the record identifier to the server?
The Easiest Way: Hashed Identifiers
But rainbow tables exist
The Hard Way: Private Set Intersection
The Middle Way: k-Anonymity
https://en.wikipedia.org/wiki/K-anonymity
Every record is unique
k-Anonymity: 2
For any combination of Age + Gender + State found in any row of the table, there are always at least 2 rows with those exact attributes.
(Table column labels: Suppression, Suppression, Generalization)
https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
By using this property, we are able to separate hashes into anonymized "buckets".
A client is able to anonymize the user-supplied hash …
… and then download all hashes in the same anonymized "bucket" as that hash …
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
5baa61f4c0b12f0a6691121c7de9420c8ff12c1f
5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
5baa61cccccccccccccccccccccccccccccccccc
… then do an offline check to see if the user-supplied hash is in that breached bucket.
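The hash range query walked through on the slides above, as an added example that is not code from the deck or from the services it cites. `RangeServer` is a hypothetical in-memory stand-in for the breach service, the corpus is constructed sample data, and the 6-character default prefix is an assumption taken from the prefix the slide's hashes share. It also reports bucket sizes, since the anonymity a prefix buys depends on how many breached hashes share it.

```python
import hashlib

HEX = set("0123456789abcdef")

def sha1_hex(value: str) -> str:
    return hashlib.sha1(value.encode("utf-8")).hexdigest()

class RangeServer:
    """Hypothetical in-memory stand-in for the breach service."""

    def __init__(self, breached_values, prefix_len=6):
        # 6 hex chars matches the prefix shared by the hashes on the slide;
        # the length is an assumption here, a real service chooses its own.
        self.prefix_len = prefix_len
        self.buckets = {}
        self.seen = []  # everything the operator could log about clients
        for value in breached_values:
            digest = sha1_hex(value)
            self.buckets.setdefault(digest[:prefix_len], set()).add(digest[prefix_len:])

    def range_query(self, prefix: str):
        if len(prefix) != self.prefix_len or not set(prefix) <= HEX:
            raise ValueError("prefix must be lowercase hex of the agreed length")
        self.seen.append(prefix)
        return sorted(self.buckets.get(prefix, ()))

def is_breached(server: RangeServer, candidate: str) -> bool:
    digest = sha1_hex(candidate)
    prefix, suffix = digest[:server.prefix_len], digest[server.prefix_len:]
    bucket = server.range_query(prefix)   # only the prefix leaves the client
    return suffix in bucket               # membership is decided offline

def anonymity_set_sizes(server: RangeServer):
    """Bucket sizes: how many breached hashes each prefix is hidden among."""
    return sorted(len(s) for s in server.buckets.values())

# Constructed sample corpus: two values from the slides plus synthetic filler.
CORPUS = ["password", "p1nkyp13"] + ["filler-%d" % i for i in range(5000)]

if __name__ == "__main__":
    server = RangeServer(CORPUS, prefix_len=2)  # short prefix so small buckets fill up
    print(is_breached(server, "p1nkyp13"), is_breached(server, "not-in-corpus"))
    print("server saw:", server.seen)
    sizes = anonymity_set_sizes(server)
    print("smallest / largest bucket:", sizes[0], sizes[-1])
```

With a corpus this small, a 6-character prefix leaves most buckets with a single entry, so the prefix alone nearly identifies the record; shortening the prefix or growing the corpus is what raises k.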