Hi @VikingTechGuy ,
As far as I can tell, the solution you are proposing now is essentially equivalent to Solution 2 in the other thread, which you told us was unacceptable. Adding the PRF after the hash doesn’t change anything to the cryptographic properties, because they are both deterministic functions, so brute force attacks still apply. You have essentially just defined a new hash function which is the composition of the original hash function and the PRF. More specifically,
- if the input data is not too long, brute force can be used to recover it,
- if the input data is very long but partially known (e.g., you know someone’s name but not their passport number), brute force can be used to recover the missing data,
- if the input data is known but not whether the user has subscribed to a service, by computing the CUID and comparing it to those subscribed we can identify if the user is taking part.
In your own words:
I have removed the sentence about consistent hashes across services in the above quote, because that is solved by adding the context as you did.
These privacy weaknesses were the reason we came up with Solution 3, where a seed/key generated by a trusted IDP is used in the PRF. But then setting it up is more complicated because it requires a third party.
I now have no idea if you prefer Solution 2 with weaker privacy be easier set-up, or Solution 3 with better privacy but requires a trusted 3rd party to hold a secret key and help generated the uniqueness key.
Cheers,
Christopher