Does the server have to multiply the whole 8G block by the encrypted query? If not, wouldn't the server know which block the query was for?
Why return a full row? Wouldn't that leak the hashes of an entire row to every client? Why not set the encrypted query to return just if the password is there or not?
Yes, the server multiplies the query by the entire 8 GB every time. It’s not as slow as it sounds :-) … it’s basically limited by memory bandwidth.
Yeah, we do return the full row. It does leak the hashes, but these are already public (you can directly download them from the Have I Been Pwned website).
Under the hood, we don’t actually send the full hashes back; we can get away with just sending back fewer bits (enough to minimize the chance of a false positive).
4 comments
[ 5.1 ms ] story [ 18.3 ms ] threadWhy return a full row? Wouldn't that leak the hashes of an entire row to every client? Why not set the encrypted query to return just if the password is there or not?
Yeah, we do return the full row. It does leak the hashes, but these are already public (you can directly download them from the Have I Been Pwned website).
Under the hood, we don’t actually send the full hashes back; we can get away with just sending back fewer bits (enough to minimize the chance of a false positive).