[Cryptography] Homomorphic and Structured Encryption
Kevin W. Wall
kevin.w.wall at gmail.com
Mon Feb 28 10:59:36 EST 2022
On Mon, Feb 28, 2022 at 12:57 AM Jerry Leichter <leichter at lrw.com> wrote:
> > Bloom filters are also used in spelling checkers. <...snip...>
>
> Use cases where you expect most things not to be in the database don't
> seem to be common. Years ago, David Wittenberg and I got a patent (long
> expired) on using a Bloom filter with cryptographic hash functions to test
> whether proposed password was already in use by anyone in a system.
> Because of the cryptographic hashes, it would be impractical to determine
> what passwords were actually in use. This is a case where you expect most
> of the answers to be "not found." However, checking the "found" items
> would require keeping the actual passwords around, which you don't want to
> do. But ... that could be used if you were checking for matches to *leaked*
> passwords, I suppose.
>
Doesn't the use of random salts stored with the password hashes make that
approach rather useless or am I misunderstanding something?
Thanks,
-kevin
--
Blog: https://off-the-wall-security.blogspot.com/ | Twitter: @KevinWWall
| OWASP ESAPI Project co-lead
NSA: All your crypto bit are belong to us.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220228/dbebae72/attachment.htm>
More information about the cryptography
mailing list