Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Hash Range Queries

Avatar for luke crouch luke crouch
December 18, 2018
Technology
0
120

Hash Range Queries

For simple, privacy-preserving data-sharing.

Avatar for luke crouch

luke crouch

December 18, 2018
Tweet

More Decks by luke crouch

See All by luke crouch
Mr. Brokebot: Lethal language attacks against AI agents
Avatar for luke crouch groovecoder
0
10
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
78
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
67
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
170
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
130
VPNs
Avatar for luke crouch groovecoder
0
130
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
260
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
900
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
110

Other Decks in Technology

See All in Technology
生成AIでテスト設計はどこまでできる? 「テスト粒度」を操るテーラリング術
Avatar for ks shota_kusaba
0
760
Gemini でコードレビュー知見を見える化
Avatar for ZOZO Developers zozotech
PRO
1
250
AI-DLCを現場にインストールしてみた:プロトタイプ開発で分かったこと・やめたこと
Avatar for Recruit recruitengineers
PRO
2
120
OCI Oracle Database Services新機能アップデート(2025/09-2025/11)
Avatar for oracle4engineer oracle4engineer
PRO
1
180
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
Avatar for emi emiki
0
170
Lessons from Migrating to OpenSearch: Shard Design, Log Ingestion, and UI Decisions
Avatar for SansanTech sansantech
PRO
1
130
エンジニアとPMのドメイン知識の溝をなくす、 AIネイティブな開発プロセス
Avatar for Michiru Kato applism118
4
1.3k
Power of Kiro : あなたの㌔はパワステ搭載ですか?
Avatar for r3_yamauchi r3_yamauchi
PRO
0
140
Ruby で作る大規模イベントネットワーク構築・運用支援システム TTDB
Avatar for Taketo Takashima taketo1113
1
300
Microsoft Agent 365 についてゆっくりじっくり理解する!
Avatar for skmkzyk skmkzyk
0
320
打 造 A I 驅 動 的 G i t H u b ⾃ 動 化 ⼯ 作 流 程
Avatar for Bo-Yi Wu appleboy
0
330
[CMU-DB-2025FALL] Apache Fluss - A Streaming Storage for Real-Time Lakehouse
Avatar for Jark Wu jark
0
120

Featured

See All Featured
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
32
2.7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
231
22k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
48
9.8k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.1k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
280
24k
Done Done
Avatar for chrislema chrislema
186
16k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
190
11k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.7k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
800
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.3k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
230k

Transcript

  1. Hash Range Queries For simple, privacy-preserving data-sharing

  2. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
 https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/ Not my original idea

  3. https://api.pwnedpasswords.com/pwnedpassword/password A request for a single password reveals who is

    interested in this password. Maybe not that interesting for a widely-used value …

  4. https://api.pwnedpasswords.com/pwnedpassword/p1nkyp13 But how many people would use their favorite my

    little pony character with vowels replaced with numbers?

  5. Do you trust the person operating the service? • Are

    they doing something else with the data? • Are they securing the data?
  6. None

  7. How can a client get a single record from a

    server without revealing the record identifier to the server?

  8. The Easiest Way: Hashed Identifiers

  9. None
  10. None

  11. But rainbow tables exist

  12. None

  13. The Hard Way: Private Set Intersection

  14. None
  15. None

  16. The Middle Way: k-Anonymity

  17. https://en.wikipedia.org/wiki/K-anonymity Every record is unique

  18. https://en.wikipedia.org/wiki/K-anonymity k-Anonymity: 2 for any combination of Age + Gender

    + State found in any row of the table there are always at least 2 rows with those exact attributes Suppression Suppression Generalization

  19. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ By using this property, we are able to seperate

    hashes into anonymized "buckets".

  20. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ A client is able to anonymize the user-supplied hash

  21. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ … and then download all hashes in the same

    anonymized "bucket" as that hash … {

  22. https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/ { 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 5baa61f4c0b12f0a6691121c7de9420c8ff12c1f 5baa61aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

    5baa61bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 5baa61cccccccccccccccccccccccccccccccccc … then do an offline check to see if the user- supplied hash is in that breached bucket.