私人数据库服务器小型_我应该散列私人数据吗？

私人数据库服务器小型

Let’s, uhhhhh, hash this out a bit, because the distinction between “when is a hash okay” and “when is a hash not okay” is very important for teaching software engineers who will often use hashes in their work.

让我们稍微说一下，因为“什么时候可以进行哈希处理”与“什么时候可以进行哈希处理”之间的区别对于教导经常在工作中使用哈希的软件工程师非常重要。

As summarized by renowned security and privacy expert Dr. Lea Kissner,

正如著名安全和隐私专家Lea Kissner博士总结的那样，

“Hash functions are tricky and I’ve seen a lot of people think they throw away all of the information you put in them. But they don’t, which is the precise reason why they’re useful.”

“ 哈希函数非常棘手，我已经看到很多人认为它们会丢弃您放入其中的所有信息。 但是它们没有，这正是它们有用的确切原因。 ”

A hash is a “digest”. They identify the data that was hashed in a one-to-one relationship. Hashes have subtle properties that make them useful to attackers, which undermines security and privacy. As Dr. Sophie Schmieg (Google Lead ISE Crypto) remarked, hashes are in a dangerous grey area between “don’t use hashes for anything you want to keep secret” and “a hash is a one-way function with meaningless output”.

哈希是“摘要”。他们识别以一对一关系散列的数据。哈希具有微妙的属性，使其对攻击者有用，从而破坏了安全性和隐私性。正如Sophie Schmieg博士 (Google Lead ISE Crypto)指出的那样，散列位于“不要对要保密的任何事物使用散列”与“散列是单向函数，无意义的输出”之间的危险灰色区域。

To set expectations: the target audience is software and security engineers, and the goal is a gentle introduction to the reasoning and methods of applied cryptography that software and security engineers may use in their work. This is not a resource for enterprise organizations—in particular, I do not address risks for an attacker that has access to keys. This is not a resource for rigorous data anonymization (see, e.g., this anonymization bibliography).

设定期望：目标受众是软件和安全工程师，目标是对软件和安全工程师在工作中可能使用的应用密码学的原理和方法进行简要介绍。这不是企业组织的资源-特别是，我没有解决攻击者可以访问密钥的风险。这不是用于严格的数据匿名化的资源(例如，参见此匿名化参考书目 )。

哈希作为标识符 (Hashes as Identifiers)

Using a hash on low entropy data is very vulnerable to brute force attack. E.g., rainbow tables — and anything under ~80 bits of entropy could be brute forced by a determined attacker with resources and time. Beyond directly brute forcing: the whole point of a hash is that it’s a deterministic identifier of data. A hash of data can detect tampering on that data because it is deterministic: if the data is changed, the hash of that data will also change, which provides simple tamper detection — provided that the hash you use to verify is not under the attacker’s control.

在低熵数据上使用哈希很容易受到暴力攻击。例如，彩虹表-以及熵大约在80位以下的任何内容都可能被坚定的攻击者用资源和时间强行强行使用。除了直接蛮力外：哈希的全部意义在于它是数据的确定性标识符。数据散列可以确定是否对数据进行篡改，因为它是确定性的：如果数据发生更改，则该数据的哈希也将发生变化，这提供了简单的篡改检测-只要您用于验证的哈希不受攻击者的控制。

Let’s say we hashed every name, email, and phone number in a database of PII. It sounds like we could pass around the hash to safely use machine learning or identify “yes we’re talking about the same user”. The first issue is tracing: an attacker also identifies “ah, the user assigned here is the same user assigned here, which matches the hash I found in haveibeenpwned.com”. If your data is public, and especially if it is important to someone — you, the user, or the attacker! — it may have been hashed and can be identified by the hash. (Imagine a powerful data broker that collects and indexes large quantities of data. What would they be able to do with hashes of sensitive data?)

假设我们对PII数据库中的每个姓名，电子邮件和电话号码进行了哈希处理。听起来我们可以绕过哈希表来安全地使用机器学习或识别“是的，我们在谈论同一用户”。第一个问题是跟踪：攻击者还标识“啊，在此分配的用户与在此分配的用户相同，与我在haveibeenpwned.com中找到的哈希匹配”。如果您的数据是公开的，尤其是对于某人(您，用户或攻击者)很重要！ —它可能已经被散列，并且可以由散列识别。 ( 想象一下一个功能强大的数据代理，该代理可以收集和索引大量数据。对于敏感数据的哈希，它们将如何处理？ )

If a hash is used to identify data, but the data should be private, why not use a UUID? A UUID provides unique identifiers. There’s still a tracking problem, but that’s an issue inherent to any system that uses identifiers.

如果使用散列来标识数据，但数据应为私有数据，为什么不使用UUID？ UUID提供唯一的标识符。仍然存在跟踪问题，但这是任何使用标识符的系统固有的问题。

So a system that hashes small pieces of low entropy data can have some risks, but what about large data blobs? Maybe you took a picture of a passport and hash that to identify or detect tampering. Maybe a software company asks users to share a screenshot of their car registration in the DMV portal. If there is only one copy of each large data blob that is hashed, this is relatively private and secure. However, if this is a picture that is uploaded to cloud providers, shared on social media, or published on a website, the hash now serves as an abusable identifier. Just as software engineers may use a hash digest as an identity to reference data, attackers can similarly query on a hash against public data or against their private data stockpile.

因此，散乱小块低熵数据的系统可能会有一些风险，但是大块数据呢？也许您拍了护照和哈希的照片以识别或检测篡改。也许一家软件公司要求用户在DMV门户中共享其汽车注册的屏幕截图。如果散列的每个大数据Blob只有一个副本，则这是相对私有和安全的。但是，如果这是上传到云提供商，在社交媒体上共享或在网站上发布的图片，则哈希现在用作可滥用的标识符。就像软件工程师可以使用哈希摘要作为引用数据的标识一样，攻击者可以类似地针对公共数据或私有数据仓库查询哈希。

哈希和威胁模型 (Hashes and Threat Models)

“But our data and our hash is private!” — Ideally, yes! But sometimes hashes of data are exposed by vulnerabilities in system design or by attackers dumping data.

“但是我们的数据和哈希是私有的！” —理想情况下，是的！但是有时数据散乱会因系统设计中的漏洞或攻击者转储数据而暴露。

In general, assume that anyone who can access the hash of sensitive data should also have access to the sensitive data. In particular, for non-ephemeral keys. Stay with me for a sec, because that’s a bold and wide assertion. While it is, indeed, generally infeasible to reverse the one-to-one mapping from data to its hash output, the comments above show some of the dangers of creating an easily computable value that attackers could abuse through match detection and identifying data in large data sets, among other threats. There are plenty of scenarios where a hash is a solution that provides reasonable security and privacy for the intended threat model.

通常，假定可以访问敏感数据哈希的任何人也应有权访问敏感数据。特别是对于非临时密钥。和我呆一秒钟，因为这是一个大胆而广泛的主张。实际上，从数据到哈希输出的一对一映射通常是不可行的，但以上注释显示了创建易于计算的值的危险，攻击者可能通过匹配检测和大规模识别数据来滥用这些值数据集以及其他威胁。在很多情况下，哈希是一种解决方案，可以为预期的威胁模型提供合理的安全性和隐私性。

Hashes are used Extremely Frequently in tech, especially in startups, as a handy way to obscure data while providing a tag or an integrity check. That’s Probably Okay for your current threat model: it is genuinely difficult to find a preimage of a hash, the benefits of tracing data across a small system often outweigh the risks, and you’re probably not a high-value target for an APT (though some of your customers might be