Slide 1
Slide 1 text
Authentication Systems with Java 8
渋谷java (Shibuya java) #8, 2014-09-20 at BizReach
@komiya_atsushi
Slide 2
Slide 2 text
Who are you?
Slide 3
Slide 3 text
KOMIYA Atsushi @komiya_atsushi
Slide 4
Slide 4 text
No content
Slide 5
Slide 5 text
To "deliver the world's quality information to the people who need it", I spend my days writing Java in Sakuragaoka-cho, Shibuya.
Slide 6
Slide 6 text
Today's talk
Slide 7
Slide 7 text
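Assume a case like this: for reasons that cannot be helped, you have ended up having to build an authentication system yourself.
(Photo by Joshua Neff, https://flic.kr/p/cnAEs)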
Slide 8
Slide 8 text
Authentication system?
Slide 9
Slide 9 text
Authentication system?
Slide 10
Slide 10 text
Authentication system? This one.
Slide 11
Slide 11 text
Authentication system? This one: what is commonly called form authentication.
Slide 12
Slide 12 text
Common failings of bad authentication systems
Slide 13
Slide 13 text
Common failings of bad authentication systems
• Storing passwords in the DB as plaintext
Slide 14
Slide 14 text
Common failings of bad authentication systems
• Storing passwords in the DB as plaintext
• Encrypting passwords with a reversible encryption algorithm
Slide 15
Slide 15 text
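Common failings of bad authentication systems
• Storing passwords in the DB as plaintext
• Encrypting passwords with a reversible encryption algorithm
• Hashing passwords with a home-grown hash function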
Slide 16
Slide 16 text
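Common failings of bad authentication systems
• Storing passwords in the DB as plaintext
• Encrypting passwords with a reversible encryption algorithm
• Hashing passwords with a home-grown hash function
• Simply hashing passwords with SHA-1 or the like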
Slide 17
Slide 17 text
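Common failings of bad authentication systems
• Storing passwords in the DB as plaintext
• Encrypting passwords with a reversible encryption algorithm
• Hashing passwords with a home-grown hash function
• Simply hashing passwords with SHA-1 or the like
• Hashing password + a shared salt with SHA-1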
Slide 18
Slide 18 text
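Common failings of bad authentication systems
• Storing passwords in the DB as plaintext
• Encrypting passwords with a reversible encryption algorithm
• Hashing passwords with a home-grown hash function
• Simply hashing passwords with SHA-1 or the like
• Hashing password + a shared salt with SHA-1
• Hashing password + an individual salt generated with java.util.Random#nextBytes() with SHA-1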
Slide 19
Slide 19 text
So what should we do?
Slide 20
Slide 20 text
Things to watch out for
Slide 21
Slide 21 text
Things to watch out for
• Prepare a separate salt for each account
Slide 22
Slide 22 text
Things to watch out for
• Prepare a separate salt for each account
• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
Slide 23
Slide 23 text
Things to watch out for
• Prepare a separate salt for each account
• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
  • /dev/random, /dev/urandom, etc.
Slide 24
Slide 24 text
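Things to watch out for
• Prepare a separate salt for each account
• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
  • /dev/random, /dev/urandom, etc.
• Use a cryptographic hash function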
Slide 25
Slide 25 text
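Things to watch out for
• Prepare a separate salt for each account
• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
  • /dev/random, /dev/urandom, etc.
• Use a cryptographic hash function
  • MD5, SHA-1, SHA-512, etc.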
Slide 26
Slide 26 text
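Things to watch out for
• Prepare a separate salt for each account
• Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
  • /dev/random, /dev/urandom, etc.
• Use a cryptographic hash function
  • MD5, SHA-1, SHA-512, etc.
• Apply stretching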
Slide 27
Slide 27 text
Let's try it with Java 8
Slide 28
Slide 28 text
Java Cryptography Architecture Oracle Providers Documentation
• Java 7 : http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
• Java 8 : http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
Slide 29
Slide 29 text
Generating the salt with a cryptographically secure pseudorandom number generator
Slide 30
Slide 30 text
SecureRandom#nextBytes()
Slide 31
Slide 31 text
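Implementations of cryptographically secure pseudorandom number generators
• Present since Java 7 and earlier & supported on all platforms
  • SHA1PRNG
• Java 8 and later & supported only on Solaris / Linux / OS X
  • NativePRNG
  • NativePRNGBlocking
  • NativePRNGNonBlocking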
Slide 32
Slide 32 text
Obtaining a stretched hash with PBKDF2
Slide 33
Slide 33 text
new PBEKeySpec(password, salt, iteration count, key length)
Slide 34
Slide 34 text
new PBEKeySpec(password, salt, iteration count, key length)
Stretching
Slide 35
Slide 35 text
Stretching
• Setting the iteration count
  • Be aware that it consumes CPU resources
  • It can become a means for DoS attacks
• Reference: 1Password
  • https://learn2.agilebits.com/1Password4/Security/PBKDF2-overview.html
  • Apparently 10,000 iterations
Slide 36
Slide 36 text
SecretKeyFactory.getInstance()
Slide 37
Slide 37 text
Java 7:
DES, DESede, PBEWithMD5AndDES, PBEWithMD5AndTripleDES, PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40, PBKDF2WithHmacSHA1

Java 8:
DES, DESede, PBEWithMD5AndDES, PBEWithMD5AndTripleDES, PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40, PBEWithSHA1AndRC2_128, PBEWithSHA1AndRC4_40, PBEWithSHA1AndRC4_128,
PBKDF2WithHmacSHA1, PBKDF2WithHmacSHA224, PBKDF2WithHmacSHA256, PBKDF2WithHmacSHA384, PBKDF2WithHmacSHA512,
PBEWithHmacSHA1AndAES_128, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128,
PBEWithHmacSHA1AndAES_256, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256
Slide 38
Slide 38 text
Java 7:
DES, DESede, PBEWithMD5AndDES, PBEWithMD5AndTripleDES, PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40, PBKDF2WithHmacSHA1

Java 8:
DES, DESede, PBEWithMD5AndDES, PBEWithMD5AndTripleDES, PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40, PBEWithSHA1AndRC2_128, PBEWithSHA1AndRC4_40, PBEWithSHA1AndRC4_128,
PBKDF2WithHmacSHA1, PBKDF2WithHmacSHA224, PBKDF2WithHmacSHA256, PBKDF2WithHmacSHA384, PBKDF2WithHmacSHA512,
PBEWithHmacSHA1AndAES_128, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128,
PBEWithHmacSHA1AndAES_256, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256
Slide 39
Slide 39 text
https://gist.github.com/komiya-atsushi/6ffac79533c3bfad8bba
Slide 40
Slide 40 text
Summary
Slide 41
Slide 41 text
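It feels odd to say this after writing all of the above, but...
• Don't build your own authentication system
  • "Leave it to the specialists"
• (I haven't used them myself, but) wouldn't it be better to use something like Apache Shiro or Spring Security?
  • "I tried using Apache Shiro" http://www.slideshare.net/chonaso/java-apache-shiro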
Slide 42
Slide 42 text
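When you have to build your own authentication system anyway, for reasons beyond your control
• Build it with the following points firmly in mind
  • Prepare a separate salt for each account
  • Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
    • SecureRandom
  • Use a cryptographic hash function
    • PBKDF2WithHmacSHA*
  • Apply stretching
    • PBEKeySpec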
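The checklist on this slide as one runnable Java 8 sketch, added here as an example; it is not the author's gist linked on slide 39. The class name, the 16-byte salt, the 256-bit key length and the choice of PBKDF2WithHmacSHA256 are assumptions, and the iteration count follows the 10,000 figure quoted on slide 35.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashExample {
    // Assumed parameters for this sketch; size the iteration count to your own CPU budget.
    static final String ALGORITHM = "PBKDF2WithHmacSHA256"; // listed for Java 8 on slide 37
    static final int SALT_BYTES = 16;
    static final int ITERATIONS = 10_000;
    static final int KEY_BITS = 256;

    // What gets stored per account: salt and iteration count travel with the hash.
    static final class Stored {
        final byte[] salt; final int iterations; final byte[] hash;
        Stored(byte[] salt, int iterations, byte[] hash) {
            this.salt = salt; this.iterations = iterations; this.hash = hash;
        }
    }

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    static Stored register(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // CSPRNG, fresh salt for every account
        return new Stored(salt, ITERATIONS, pbkdf2(password, salt, ITERATIONS));
    }

    static boolean verify(char[] candidate, Stored stored) throws Exception {
        byte[] actual = pbkdf2(candidate, stored.salt, stored.iterations);
        return MessageDigest.isEqual(actual, stored.hash); // constant-time comparison
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the same password registered for two accounts.
        Stored a = register("correct horse".toCharArray());
        Stored b = register("correct horse".toCharArray());
        System.out.println("verify ok:    " + verify("correct horse".toCharArray(), a));
        System.out.println("verify wrong: " + verify("Correct horse".toCharArray(), a));
        // Per-account salts make identical passwords hash to different values.
        System.out.println("hashes equal: " + Arrays.equals(a.hash, b.hash));
    }
}
```

Storing the iteration count next to the hash lets the count be raised later without invalidating existing records.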
Slide 43
Slide 43 text
Thanks
Slide 44
Slide 44 text
No content
Slide 45
Slide 45 text
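See the following URL for details! http://www.smartnews.co.jp/recruit/
• iOS engineer
• Android engineer
• Server-side engineer
• Machine learning / natural language processing engineer
• Web application engineer
• Advertising engineer
• Growth hack engineer
• Productivity engineer
• Support engineer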