Slide 1

Slide 1 text

On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware, 9/19/2017 Tw: @s01, GH: @sylph01

Slide 2

Slide 2 text

ࣗݾ঺հ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter: @s01

Slide 3

Slide 3 text

એ఻ͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ͸10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢

Slide 4

Slide 4 text

એ఻ͦͷ2: ਑ͷԻָஂ ԋ૗ձ 9/23 15:00- @ ઒ޱϦϦΞ ʢ࡛ۄݝʣ ੔ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹ ͏ʂʣ ΋ͪΖΜग़ԋ΋͠·͢

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

TL;DR

Slide 7

Slide 7 text

ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

Slide 8

Slide 8 text

ͦͷઓ͍ํͷ ࿩Λ͠·͢

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͢΂͖Ͱͳ͍ • จࣈछͷ૊Έ߹ΘͤΛύεϫʔυʹ՝͢΂͖Ͱͳ͍ • ௕͍ʮύεϑϨʔζʯΛ࢖͏͜ͱ͕ਪ঑ • ೋཁૉೝূʹSMSΛ࢖͏ͷ͸ਪ঑͞Εͳ͍ • etc...

Slide 11

Slide 11 text

ݱ୅ͷύεϫʔυ߈ܸ • ૯౰Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡ஋Λୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ

Slide 12

Slide 12 text

ه߸Λύεϫʔυʹ͚ͭΔΑ Γ௕͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹ਺ࣈ10छɾه߸16छྨΛ଍ͨ͠78छྨ ه߸ࠐΈ8ܻ: ਺ࣈɾه߸ൈ͖10ܻ: → ഒ = 100ഒڧ͍ʂʂ

Slide 13

Slide 13 text

ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸ͸ʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸ͸ͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖׵ ͑΍਺஋ͷΠϯΫϦϝϯτʹରͯ͠΋߈ܸΛ͢Δ • ʮෳ਺୯ޠͷ૊Έ߹Θͤʯ͸૊Έ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ΋୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍ • ୯७ʹ௕͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱ΋े෼ڧ͍ɻ

Slide 14

Slide 14 text

ҰํͰʮه߸Λ࢖ΘͤΔͳʯ Ͱ͸ͳ͍ • બ୒ࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ࢖͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬౰খ͘͞ͳΔͷͰ͕͢ʼʻ

Slide 15

Slide 15 text

ύεϫʔυϚωʔδϟʔΛ࢖ ͓͏ ݸਓͰ࢖͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰ΋Α͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ

Slide 16

Slide 16 text

ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷ࢓ࣄΛ͍࣮ͯͨ͠੷͕͋ͬͨ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ෇͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ ظߋ৽Λഇࢭ

Slide 17

Slide 17 text

ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ҎલͷϙϦγʔมߋ͸ISMSೝূऔಘʹΑΔ΋ͷͩͬͨ • ISMSͷೝূج४ʹ͸ʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱ͸ͳ͍ • ҰํPCI-DSSʹ͸໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏ • ϙϦγʔಋೖͷࠜڌͷূ੻͕࢒ͬͯͳ͍ͷ͸ʮʮʮҋʯʯʯ

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

·ͱΊ

Slide 20

Slide 20 text

ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

Slide 21

Slide 21 text

௕͍ύεϫʔυ Λ͚ͭΑ͏

Slide 22

Slide 22 text

ύεϫʔυϚωʔδϟʔ Λ࢖͓͏

Slide 23

Slide 23 text

ϙϦγʔಋೖ࣌ʹ͸ ٞ࿦ͷաఔ΋ ͪΌΜͱ࢒ͦ͏

Slide 24

Slide 24 text

Questions?

Slide 25

Slide 25 text

ࢀߟURL • NIST SP800-63B ຋༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html • ͋ͷύεϫʔυنଇɺ࣮͸ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964