[Cryptography] Homomorphic and Structured Encryption

Kevin W. Wall kevin.w.wall at gmail.com
Mon Feb 28 10:59:36 EST 2022

On Mon, Feb 28, 2022 at 12:57 AM Jerry Leichter <leichter at lrw.com> wrote:

> > Bloom filters are also used in spelling checkers. <...snip...>
> Use cases where you expect most things not to be in the database don't
> seem to be common.  Years ago, David Wittenberg and I got a patent (long
> expired) on using a Bloom filter with cryptographic hash functions to test
> whether proposed password was already in use by anyone in a system.
> Because of the cryptographic hashes, it would be impractical to determine
> what passwords were actually in use.  This is a case where you expect most
> of the answers to be "not found."  However, checking the "found" items
> would require keeping the actual passwords around, which you don't want to
> do. But ... that could be used if you were checking for matches to *leaked*
> passwords, I suppose.

Doesn't the use of random salts stored with the password hashes make that
approach rather useless or am I misunderstanding something?
Blog: https://off-the-wall-security.blogspot.com/    | Twitter: @KevinWWall
| OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220228/dbebae72/attachment.htm>

More information about the cryptography mailing list