Slide 1

Building an authentication system with Java 8
渋谷java #8, 2014-09-20 at BizReach
@komiya_atsushi

Slide 2

Who am I?

Slide 3

KOMIYA Atsushi (@komiya_atsushi)

Slide 5

I write Java day in, day out in Sakuragaoka-cho, Shibuya, in order to "deliver high-quality information from around the world to the people who need it".

Slide 6

Today's talk

Slide 7

Imagine a case where, for reasons that cannot be helped, you have ended up having to build an authentication system yourself.

(Photo: by Joshua Neff, flickr)

Slide 8

Authentication system?

Slide 10

Is this an authentication system?

Slide 11

This is what is called form-based authentication. Is this an authentication system?

Slide 12

Typical mistakes in bad authentication systems

Slide 13

Typical mistakes in bad authentication systems

• Storing passwords in the DB as plaintext

Slide 14

Typical mistakes in bad authentication systems

• Encrypting passwords with a reversible encryption algorithm

Slide 15

Typical mistakes in bad authentication systems

• Hashing passwords with a home-grown hash function

Slide 16

Typical mistakes in bad authentication systems

• Simply hashing passwords with SHA-1 or the like

Slide 17

Typical mistakes in bad authentication systems

• Hashing password + a shared salt with SHA-1

Slide 18

Typical mistakes in bad authentication systems

• Storing passwords in the DB as plaintext
• Encrypting passwords with a reversible encryption algorithm
• Hashing passwords with a home-grown hash function
• Simply hashing passwords with SHA-1 or the like
• Hashing password + a shared salt with SHA-1
• Hashing password + a per-user salt generated with java.util.Random#nextBytes() with SHA-1

Slide 19

So what should we do?

Slide 20

Things to watch out for

Slide 21

Things to watch out for

• Use a separate salt for each account

Slide 22

Things to watch out for

• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)

Slide 23

Things to watch out for

• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
  • /dev/random, /dev/urandom, etc.

Slide 24

Things to watch out for

• Use a cryptographic hash function

Slide 25

Things to watch out for

• Use a cryptographic hash function
  • MD5, SHA-1, SHA-512, etc.

Slide 26

Things to watch out for

• Use a separate salt for each account
• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
  • /dev/random, /dev/urandom, etc.
• Use a cryptographic hash function
  • MD5, SHA-1, SHA-512, etc.
• Apply key stretching

Slide 27

Let's try it in Java 8

Slide 28

Java Cryptography Architecture Oracle Providers Documentation

• Java 7: http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
• Java 8: http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html

Slide 29

Generating the salt with a cryptographically secure pseudorandom number generator

Slide 30

SecureRandom#nextBytes()

Slide 31

CSPRNG implementations

• Present since Java 7 and earlier, supported on all platforms
  • SHA1PRNG
• Java 8 and later, supported only on Solaris / Linux / OS X
  • NativePRNG
  • NativePRNGBlocking
  • NativePRNGNonBlocking
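As an added example (not code from the talk or from the author's gist), the following Java program asks for the SecureRandom implementations named on this slide in order of preference and falls back to the platform default when a name is not available, then draws per-account salts from it. The algorithm names are the slide's; the preference order, the 16-byte salt length and the class name are this example's own choices.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added example for the slide above; not the talk's own code.
public final class SaltGenerator {
    private static final int SALT_BYTES = 16; // example's choice; 128 bits is plenty for a per-account salt

    /**
     * Prefers the non-blocking native PRNG (Java 8 on Solaris / Linux / OS X, per the slide),
     * then SHA1PRNG (available everywhere), then whatever the platform default is.
     * SHA1PRNG is left to self-seed: calling setSeed() before the first nextBytes()
     * would make its output deterministic.
     */
    static SecureRandom newSecureRandom() {
        for (String algorithm : new String[] {"NativePRNGNonBlocking", "SHA1PRNG"}) {
            try {
                return SecureRandom.getInstance(algorithm);
            } catch (NoSuchAlgorithmException e) {
                // Not offered by this JDK/platform: try the next candidate.
            }
        }
        return new SecureRandom(); // platform default, still a CSPRNG
    }

    /** One fresh salt; call this once per account (and again whenever a password is re-hashed). */
    static byte[] newSalt(SecureRandom random) {
        byte[] salt = new byte[SALT_BYTES];
        random.nextBytes(salt); // the SecureRandom#nextBytes() call from slide 30
        return salt;
    }

    public static void main(String[] args) {
        SecureRandom random = newSecureRandom();
        System.out.println("provider / algorithm: " + random.getProvider().getName()
                + " / " + random.getAlgorithm());
        // Two salts from the same generator are independent; this is what a per-account salt needs,
        // and what java.util.Random (slide 18) does not promise.
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println("salt for account A: " + b64.encodeToString(newSalt(random)));
        System.out.println("salt for account B: " + b64.encodeToString(newSalt(random)));
    }
}
```

On a JDK without the native PRNGs (Windows, or Java 7) the loop reaches SHA1PRNG, so the same code runs on every platform the slide mentions; printing the chosen provider and algorithm is a cheap way to confirm in a deployment log which implementation actually got picked.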

Slide 32

Obtaining a stretched hash value with PBKDF2

Slide 33

new PBEKeySpec(password, salt, iteration count, key length)

Slide 34

new PBEKeySpec(password, salt, iteration count, key length)

(the iteration count is what provides the stretching)

Slide 35

Stretching

• Setting the iteration count
  • Note that it consumes CPU resources
  • It can become a means of DoS attack
• Reference: 1Password
  • https://learn2.agilebits.com/1Password4/Security/PBKDF2-overview.html
  • Reportedly 10,000 iterations

Slide 36

SecretKeyFactory.getInstance()

Slide 37

SecretKeyFactory algorithms in the SunJCE provider

Java 7:
• DES
• DESede
• PBEWithMD5AndDES
• PBEWithMD5AndTripleDES
• PBEWithSHA1AndDESede
• PBEWithSHA1AndRC2_40
• PBKDF2WithHmacSHA1

Java 8:
• DES
• DESede
• PBEWithMD5AndDES
• PBEWithMD5AndTripleDES
• PBEWithSHA1AndDESede
• PBEWithSHA1AndRC2_40
• PBEWithSHA1AndRC2_128
• PBEWithSHA1AndRC4_40
• PBEWithSHA1AndRC4_128
• PBKDF2WithHmacSHA1
• PBKDF2WithHmacSHA224
• PBKDF2WithHmacSHA256
• PBKDF2WithHmacSHA384
• PBKDF2WithHmacSHA512
• PBEWithHmacSHA1AndAES_128
• PBEWithHmacSHA224AndAES_128
• PBEWithHmacSHA256AndAES_128
• PBEWithHmacSHA384AndAES_128
• PBEWithHmacSHA512AndAES_128
• PBEWithHmacSHA1AndAES_256
• PBEWithHmacSHA224AndAES_256
• PBEWithHmacSHA256AndAES_256
• PBEWithHmacSHA384AndAES_256
• PBEWithHmacSHA512AndAES_256

Slide 39

https://gist.github.com/komiya-atsushi/6ffac79533c3bfad8bba

Slide 40

Summary

Slide 41

Having said all of that...

• Don't build your own authentication system
  • "Leave it to the experts" (餅は餅屋)
  • (I haven't used them myself, but) wouldn't it be better to use something like Apache Shiro or Spring Security?
  • "Trying out Apache Shiro": http://www.slideshare.net/chonaso/java-apache-shiro

Slide 42

When circumstances beyond your control mean you have to build your own authentication system anyway

• Make sure you build it with the following firmly in mind
  • Use a separate salt for each account
  • Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
    • SecureRandom
  • Use a cryptographic hash function
    • PBKDF2WithHmacSHA*
  • Apply key stretching
    • PBEKeySpec

Slide 43

Thanks

Slide 45

For details, see the URL below!
http://www.smartnews.co.jp/recruit/

• iOS engineer
• Android engineer
• Server-side engineer
• Machine learning / natural language processing engineer
• Web application engineer
• Advertising engineer
• Growth hack engineer
• Productivity engineer
• Support engineer