Tweet
Tweet

Slide 1

Slide 1 text

Java 8 Ͱ଄Δೝূܥ ौ୩java #8 2014-09-20 at BizReach @komiya_atsushi

Slide 2

Slide 2 text

͓·ͩΕ

Slide 3

Slide 3 text

,0.*:""UTVTIJ !LPNJZB@BUTVTIJ

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

ʮੈքதͷྑ࣭ͳ৘ใΛඞཁͳਓʹૹΓಧ͚Δʯ ͨΊʹɺौ୩ɾࡩٰொͰ ೔ʑδϟόδϟό͍ͯ͠·͢

Slide 6

Slide 6 text

ຊ೔ͷ͓࿩

Slide 7

Slide 7 text

CZ+PTIVB/F⒎IUUQTqJDLSQDO"&T ͍͔Μͱ΋͠೉͍ཧ༝ʹΑΓ ೝূܥΛࣗ࡞͠ͳ͚Ε͹ ͳΒͳ͘ͳͬͯ͠·ͬͨ ʜΈ͍ͨͳέʔεΛ૝ఆ

Slide 8

Slide 8 text

ೝূܥʁ

Slide 9

Slide 9 text

ೝূܥʁ

Slide 10

Slide 10 text

͜Ε ೝূܥʁ

Slide 11

Slide 11 text

͍ΘΏΔϑΥʔϜೝূͬͯ΍ͭͰ͢ ͜Ε ೝূܥʁ

Slide 12

Slide 12 text

μϝͳೝূܥ͋Δ͋Δ

Slide 13

Slide 13 text

μϝͳೝূܥ͋Δ͋Δ • ύεϫʔυΛฏจͷ·· DB ʹอଘͪ͠Ό͏

Slide 14

Slide 14 text

μϝͳೝূܥ͋Δ͋Δ • ύεϫʔυΛฏจͷ·· DB ʹอଘͪ͠Ό͏ • ύεϫʔυΛ෮ݩՄೳͳ҉߸ԽΞϧΰϦζϜͰ҉߸Խ

Slide 15

Slide 15 text

μϝͳೝূܥ͋Δ͋Δ • ύεϫʔυΛฏจͷ·· DB ʹอଘͪ͠Ό͏ • ύεϫʔυΛ෮ݩՄೳͳ҉߸ԽΞϧΰϦζϜͰ҉߸Խ • ύεϫʔυΛΦϨΦϨϋογϡؔ਺ͰϋογϡԽ

Slide 16

Slide 16 text

μϝͳೝূܥ͋Δ͋Δ • ύεϫʔυΛฏจͷ·· DB ʹอଘͪ͠Ό͏ • ύεϫʔυΛ෮ݩՄೳͳ҉߸ԽΞϧΰϦζϜͰ҉߸Խ • ύεϫʔυΛΦϨΦϨϋογϡؔ਺ͰϋογϡԽ • ύεϫʔυΛ SHA-1 ͱ͔Ͱ୯७ʹϋογϡԽ

Slide 17

Slide 17 text

μϝͳೝূܥ͋Δ͋Δ • ύεϫʔυΛฏจͷ·· DB ʹอଘͪ͠Ό͏ • ύεϫʔυΛ෮ݩՄೳͳ҉߸ԽΞϧΰϦζϜͰ҉߸Խ • ύεϫʔυΛΦϨΦϨϋογϡؔ਺ͰϋογϡԽ • ύεϫʔυΛ SHA-1 ͱ͔Ͱ୯७ʹϋογϡԽ • ύεϫʔυ + ڞ௨ salt Λ SHA-1 ͰϋογϡԽ

Slide 18

Slide 18 text

μϝͳೝূܥ͋Δ͋Δ • ύεϫʔυΛฏจͷ·· DB ʹอଘͪ͠Ό͏ • ύεϫʔυΛ෮ݩՄೳͳ҉߸ԽΞϧΰϦζϜͰ҉߸Խ • ύεϫʔυΛΦϨΦϨϋογϡؔ਺ͰϋογϡԽ • ύεϫʔυΛ SHA-1 ͱ͔Ͱ୯७ʹϋογϡԽ • ύεϫʔυ + ڞ௨ salt Λ SHA-1 ͰϋογϡԽ • ύεϫʔυ + java.util.Random#nextBytes() Ͱੜ੒ͨ͠ݸผͷ salt Λ SHA-1 ͰϋογϡԽ

Slide 19

Slide 19 text

Ͳ͏͢Ε͹͍͍ͷ͔ʁ

Slide 20

Slide 20 text

ؾΛ͚ͭΔ΂͖͜ͱ

Slide 21

Slide 21 text

ؾΛ͚ͭΔ΂͖͜ͱ • ΞΧ΢ϯτݸผʹ salt Λ༻ҙ͢Δ

Slide 22

Slide 22 text

ؾΛ͚ͭΔ΂͖͜ͱ • ΞΧ΢ϯτݸผʹ salt Λ༻ҙ͢Δ • ҉߸࿦తٖࣅཚ਺ੜ੒ث (CSPRNG) Ͱ salt Λੜ੒͢Δ

Slide 23

Slide 23 text

ؾΛ͚ͭΔ΂͖͜ͱ • ΞΧ΢ϯτݸผʹ salt Λ༻ҙ͢Δ • ҉߸࿦తٖࣅཚ਺ੜ੒ث (CSPRNG) Ͱ salt Λੜ੒͢Δ • /dev/random, /dev/urandom, etc.

Slide 24

Slide 24 text

ؾΛ͚ͭΔ΂͖͜ͱ • ΞΧ΢ϯτݸผʹ salt Λ༻ҙ͢Δ • ҉߸࿦తٖࣅཚ਺ੜ੒ث (CSPRNG) Ͱ salt Λੜ੒͢Δ • /dev/random, /dev/urandom, etc. • ҉߸ֶతϋογϡؔ਺Λར༻͢Δ

Slide 25

Slide 25 text

ؾΛ͚ͭΔ΂͖͜ͱ • ΞΧ΢ϯτݸผʹ salt Λ༻ҙ͢Δ • ҉߸࿦తٖࣅཚ਺ੜ੒ث (CSPRNG) Ͱ salt Λੜ੒͢Δ • /dev/random, /dev/urandom, etc. • ҉߸ֶతϋογϡؔ਺Λར༻͢Δ • MD5, SHA-1, SHA-512, etc.

Slide 26

Slide 26 text

ؾΛ͚ͭΔ΂͖͜ͱ • ΞΧ΢ϯτݸผʹ salt Λ༻ҙ͢Δ • ҉߸࿦తٖࣅཚ਺ੜ੒ث (CSPRNG) Ͱ salt Λੜ੒͢Δ • /dev/random, /dev/urandom, etc. • ҉߸ֶతϋογϡؔ਺Λར༻͢Δ • MD5, SHA-1, SHA-512, etc. • ετϨονϯά͢Δ

Slide 27

Slide 27 text

Java 8 Ͱ΍ͬͯΈΑ͏

Slide 28

Slide 28 text

Java Cryptography Architecture Oracle Providers Documentation • Java 7 :
 http://docs.oracle.com/javase/7/docs/ technotes/guides/security/SunProviders.html • Java 8 :
 http://docs.oracle.com/javase/8/docs/ technotes/guides/security/SunProviders.html

Slide 29

Slide 29 text

҉߸࿦తٖࣅཚ਺ੜ੒ثͰ salt Λੜ੒͢Δ

Slide 30

Slide 30 text

SecureRandom#nextBytes()

Slide 31

Slide 31 text

҉߸࿦తٖࣅཚ਺ੜ੒ثͷ࣮૷ • Java 7 Ҏલ͔Βଘࡏ & શϓϥοτϑΥʔϜαϙʔτ • SHA1PRNG • Java 8 Ҏ߱ & Solaris / Linux / OS X ͷΈαϙʔτ • NativePRNG • NativePRNGBlocking • NativePRNGNonBlocking

Slide 32

Slide 32 text

PBKDF2 ͰετϨονϯάͨ͠ϋογϡ஋ΛಘΔ

Slide 33

Slide 33 text

new PBEKeySpec( ύεϫʔυ, ιϧτ, ܁Γฦ͠ճ਺, Ωʔ௕)

Slide 34

Slide 34 text

new PBEKeySpec( ύεϫʔυ, ιϧτ, ܁Γฦ͠ճ਺, Ωʔ௕) ετϨονϯά

Slide 35

Slide 35 text

ετϨονϯά • ܁Γฦ͠ճ਺ͷઃఆ • CPU ϦιʔεΛফඅ͢Δ͜ͱʹ஫ҙ • DoS ߈ܸͷखஈʹͳΓ͏Δ • ࢀߟ : 1Password • https://learn2.agilebits.com/1Password4/Security/PBKDF2- overview.html • 10,000 ճΒ͍͠

Slide 36

Slide 36 text

SecretKeyFactory .getInstance()

Slide 37

Slide 37 text

DES DESede PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithSHA1AndDESede PBEWithSHA1AndRC2_40 PBKDF2WithHmacSHA1 DES DESede PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithSHA1AndDESede PBEWithSHA1AndRC2_40 PBEWithSHA1AndRC2_128 PBEWithSHA1AndRC4_40 PBEWithSHA1AndRC4_128 PBKDF2WithHmacSHA1 PBKDF2WithHmacSHA224 PBKDF2WithHmacSHA256 PBKDF2WithHmacSHA384 PBKDF2WithHmacSHA512 PBEWithHmacSHA1AndAES_128 PBEWithHmacSHA224AndAES_128 PBEWithHmacSHA256AndAES_128 PBEWithHmacSHA384AndAES_128 PBEWithHmacSHA512AndAES_128 PBEWithHmacSHA1AndAES_256 PBEWithHmacSHA224AndAES_256 PBEWithHmacSHA256AndAES_256 PBEWithHmacSHA384AndAES_256 PBEWithHmacSHA512AndAES_256 +BWB +BWB

Slide 38

Slide 38 text

DES DESede PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithSHA1AndDESede PBEWithSHA1AndRC2_40 PBKDF2WithHmacSHA1 DES DESede PBEWithMD5AndDES PBEWithMD5AndTripleDES PBEWithSHA1AndDESede PBEWithSHA1AndRC2_40 PBEWithSHA1AndRC2_128 PBEWithSHA1AndRC4_40 PBEWithSHA1AndRC4_128 PBKDF2WithHmacSHA1 PBKDF2WithHmacSHA224 PBKDF2WithHmacSHA256 PBKDF2WithHmacSHA384 PBKDF2WithHmacSHA512 PBEWithHmacSHA1AndAES_128 PBEWithHmacSHA224AndAES_128 PBEWithHmacSHA256AndAES_128 PBEWithHmacSHA384AndAES_128 PBEWithHmacSHA512AndAES_128 PBEWithHmacSHA1AndAES_256 PBEWithHmacSHA224AndAES_256 PBEWithHmacSHA256AndAES_256 PBEWithHmacSHA384AndAES_256 PBEWithHmacSHA512AndAES_256 +BWB +BWB

Slide 39

Slide 39 text

https://gist.github.com/ komiya-atsushi/ 6ffac79533c3bfad8bba

Slide 40

Slide 40 text

·ͱΊ

Slide 41

Slide 41 text

͜͜·Ͱॻ͍͓͍ͯͯͳΜͰ͕͢ • ೝূܥͷࣗ࡞͸΍Ί·͠ΐ͏ • ʮṷ͸ṷ԰ʯ • ʢ࢖ͬͨ͜ͱͳ͍Ͱ͕͢ʣApache Shiro ͱ͔ Spring Security ͱ͔࢖͏ͱ͍͍Μ͡Όͳ͍Ͱ͔͢Ͷʁ • “Apache Shiro Λ࢖ͬͯΈͨ”
 http://www.slideshare.net/chonaso/java-apache- shiro

Slide 42

Slide 42 text

େਓͷࣄ৘ͰೝূܥΛࣗ࡞͠ͳ͖Ό ͍͚ͳ͍ͱ͖͸ • ҎԼΛ͖ͪΜͱҙࣝͯ͠࡞ΔΑ͏ʹ͠·͠ΐ͏ • ΞΧ΢ϯτݸผʹ salt Λ༻ҙ͢Δ • ҉߸࿦తٖࣅཚ਺ੜ੒ث (CSPRNG) Ͱ salt Λੜ੒͢Δ • SecureRandom • ҉߸ֶతϋογϡؔ਺Λར༻͢Δ • PBKDF2WithHmacSHA* • ετϨονϯά͢Δ • PBEKeySpec

Slide 43

Slide 43 text

5IBOLT

Slide 44

Slide 44 text

No content

Slide 45

Slide 45 text

ৄ͘͠͸ҎԼͷ URL Ͱʂ http://www.smartnews.co.jp/recruit/ • iOS ΤϯδχΞ • Android ΤϯδχΞ • αʔόαΠυΤϯδχΞ • ػցֶशʗࣗવݴޠॲཧΤϯδχΞ • Web ΞϓϦέʔγϣϯΤϯδχΞ • ޿ࠂΤϯδχΞ • άϩʔεϋοΫΤϯδχΞ • ϓϩμΫςΟϏςΟΤϯδχΞ • αϙʔτΤϯδχΞ