I actually implemented a bloom filter once to audit passwords in the 'real-world'.
We had a user who wanted a password audit, but who refused to provide password hashes. He insisted the hashes were too sensitive to give to anyone outside his organization.
So we wrote the bloom filter program and showed him how to run it. Its output was a... bloom filter (a C++ std::bitset<>.to_string()) that we could take and compare against known common hashes. Easy to compress. He liked the fact that it was just ones and zeros. No hashes were given to us. Just a string of ones and zeros. Not that there's a difference really.
Anyway, we took his filter and compared it to known weak hashes and when any known weak hash matched, we added that to another filter that we created and sent that back to him and he would make one final pass (using the new filter) to show the weak user name, password, etc.
No password hashes were ever exchanged and it worked OK. We uncovered many weak passwords. He seemed happy. However, the test/audit was not as thorough as I would have liked. You're limited without hashes and this approach is pre-compute intensive.
So there you have it. Bloom filters in the wild and in use. I still have the code someplace. All standard C++ and Crypto++.
Bloom filters and genetic algorithms seem to be subjects of perennial tutorial articles on Hacker News and /r/programming. They're easy enough to understand with a background in the classically-taught data structures and algorithms. Yet, they're usually not covered in many courses, so they're still novel.
We had a user who wanted a password audit, but who refused to provide password hashes. He insisted the hashes were too sensitive to give to anyone outside his organization.
So we wrote the bloom filter program and showed him how to run it. Its output was a... bloom filter (a C++ std::bitset<>.to_string()) that we could take and compare against known common hashes. Easy to compress. He liked the fact that it was just ones and zeros. No hashes were given to us. Just a string of ones and zeros. Not that there's a difference really.
Anyway, we took his filter and compared it to known weak hashes and when any known weak hash matched, we added that to another filter that we created and sent that back to him and he would make one final pass (using the new filter) to show the weak user name, password, etc.
No password hashes were ever exchanged and it worked OK. We uncovered many weak passwords. He seemed happy. However, the test/audit was not as thorough as I would have liked. You're limited without hashes and this approach is pre-compute intensive.
So there you have it. Bloom filters in the wild and in use. I still have the code someplace. All standard C++ and Crypto++.