this post was submitted on 07 Aug 2024
516 points (98.5% liked)

Technology

60052 readers
3783 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 4 months ago

Yea that's a tough system to design for. Ideally you want sensitive stuff like that, where you don't care what the data is just that something matches it, stored as the results of a one-way hash function.

The problem is that most of the data you're going to want to secure is pathetically tiny. 10 digit SSN? My phone can brute force that in a few minutes if you're doing raw hashes. Gotta salt them. But now you have a tradeoff decision, salting every one uniquely is best but now your comparison needs to do [leaked data] × [customers] checks to find matches. Same salt on all of them and as soon as one is cracked they all are.