Date: Mon, 29 Oct 2018 09:33:08 -0800 From: Royce Williams <royce@...ho.org> To: passwords@...ts.openwall.com Subject: Re: Bloom filter patent On Mon, Oct 29, 2018 at 8:01 AM Solar Designer <solar@...nwall.com> wrote: > A couple of weeks ago, I learned that a company claims to have patented > the use of Bloom filter for checking whether a password is known to have > been compromised: > > hxxps:// > blog.shapesecurity.com/2018/09/26/look-ma-no-passwords-how-why-blackfish-uses-bloom-filters/ > hxxps://www.shapesecurity.com/blackfish/ > > "Blackfish doesn't store passwords > > The security of the Blackfish system itself was the most important > design consideration. Shape's patented design uses a Bloom filter, > enabling Blackfish to perform lookups of your user's credentials without > maintaining a database of compromised passwords." > According to this cache of Passwords '14 proceedings, Blackfish was around at that time: https://books.google.com/books?id=iyXUCgAAQBAJ&pg=PA141&lpg=PA141&dq=%22passwords%22+%22bloom+filter%22 Potential other prior art and/or informative links, not yet analyzed (some suggested to me off-list after a side query): https://pdfs.semanticscholar.org/ce61/eef0efd3544c8df43324cbe4e05ba12a610a.pdf (Spafford, 1991 - "OPUS") https://docs.lib.purdue.edu/cgi/viewcontent.cgi?referer=&httpsredir=1&article=1969&context=cstech (Spafford, 1992) https://www.usenix.org/legacy/event/hotsec10/tech/full_papers/Schechter.pdf (Schecter, Herley, Mitzenmacher, 2010) https://github.com/krisives/bloomer-php (2015) https://gist.github.com/marcan/23e1ec416bf884dcd7f0e635ce5f2724 https://www.bloomingpassword.fun/ https://github.com/reedy/mw-password-bloom-filter https://github.com/jthomas/serverless-pwned-passwords (2017) https://cs.unc.edu/~fabian/courses/CS600.624/slides/bloomslides.pdf https://cry.github.io/nbp/ Royce Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.