Upgrade to Pro — share decks privately, control downloads, hide ads and more …

On Password Policies

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for sylph01 sylph01
September 19, 2017
Technology
1.6k
2

On Password Policies

LT @ Agileware Drinkup, RubyKaigi 2017

Avatar for sylph01

sylph01

September 19, 2017

More Decks by sylph01

See All by sylph01
人命を救う技術としてのEnd-to-End暗号化とMessaging Layer Security
Avatar for sylph01 sylph01
3
220
Updates on MLS on Ruby (and maybe more)
Avatar for sylph01 sylph01
1
280
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
Avatar for sylph01 sylph01
1
160
PicoRuby's Networking is Incomplete
Avatar for sylph01 sylph01
1
260
The Definitive? Guide To Locally Organizing RubyKaigi
Avatar for sylph01 sylph01
9
3.8k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
Avatar for sylph01 sylph01
1
210
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
Avatar for sylph01 sylph01
2
950
Introduction to C Extensions
Avatar for sylph01 sylph01
3
290
"Actual" Security in Microcontroller Ruby!?
Avatar for sylph01 sylph01
0
240

Other Decks in Technology

See All in Technology
AWS Security Hub CSPMの成功・失敗体験
Avatar for cm-usuda-keisuke cmusudakeisuke
0
180
AIのReact習熟度を測る
Avatar for uhyo uhyo
2
640
ACE-Step-1.5で見る 音楽生成AIのしくみと“破綻だけ直す”Retake機能の開発【zennfes spring 2026 登壇資料】
Avatar for asap personabb
1
530
Chainlitで作るお手軽チャットUI
Avatar for tomo ynt0485
0
270
2026年6月23日 Syncable Tech + Start Python Club にて
Avatar for Kimikazu Kato hamukazu
0
130
Android の公式 Skill / Android skills
Avatar for Yuki Anzai yanzm
0
160
MCP Appsを作ってみよう
Avatar for iwamot iwamot
PRO
4
690
Agent Skills設計で柔軟性と硬さのバランスが難しい話
Avatar for nassy nassy20
0
140
徹底討論!ECS vs EKS!
Avatar for 高棹大樹 daitak
0
110
アジャイルな経理と Claude Code と 経営の未来
Avatar for Yasunobu Kawaguchi kawaguti
PRO
3
150
人材育成分科会.pdf
Avatar for _awache _awache
4
290
Lightning近況報告
Avatar for Koji NAKAMURA kozy4324
0
160

Featured

See All Featured
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
230
23k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
Avatar for Tomoya Matsuura tomoyanonymous
2
860
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
46
8.2k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
Avatar for Ines Montani inesmontani
PRO
3
2.3k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
356
21k
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
515
110k
Navigating Team Friction
Avatar for Lara Hogan lara
192
16k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
39
3.2k
Visualization
Avatar for Eitan Lees eitanlees
152
17k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.9k
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
330
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
870

Transcript

  1. On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,

    9/19/2017 Tw: @s01, GH: @sylph01

  2. ࣗݾ঺հ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:

    @s01

  3. એ఻ͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ͸10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢

  4. એ఻ͦͷ2: ਑ͷԻָஂ ԋ૗ձ 9/23 15:00- @ ઒ޱϦϦΞ ʢ࡛ۄݝʣ ੔ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹

    ͏ʂʣ ΋ͪΖΜग़ԋ΋͠·͢
  5. None

  6. TL;DR

  7. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  8. ͦͷઓ͍ํͷ ࿩Λ͠·͢

  9. None

  10. NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͢΂͖Ͱͳ͍ • จࣈछͷ૊Έ߹ΘͤΛύεϫʔυʹ՝͢΂͖Ͱͳ͍ •

    ௕͍ʮύεϑϨʔζʯΛ࢖͏͜ͱ͕ਪ঑ • ೋཁૉೝূʹSMSΛ࢖͏ͷ͸ਪ঑͞Εͳ͍ • etc...

  11. ݱ୅ͷύεϫʔυ߈ܸ • ૯౰Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡ஋Λୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ

  12. ه߸Λύεϫʔυʹ͚ͭΔΑ Γ௕͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹ਺ࣈ10छɾه߸16छྨΛ଍ͨ͠78छྨ ه߸ࠐΈ8ܻ: ਺ࣈɾه߸ൈ͖10ܻ: → ഒ =

    100ഒڧ͍ʂʂ

  13. ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸ͸ʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸ͸ͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖׵ ͑΍਺஋ͷΠϯΫϦϝϯτʹରͯ͠΋߈ܸΛ͢Δ • ʮෳ਺୯ޠͷ૊Έ߹Θͤʯ͸૊Έ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ΋୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍

    • ୯७ʹ௕͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱ΋े෼ڧ͍ɻ

  14. ҰํͰʮه߸Λ࢖ΘͤΔͳʯ Ͱ͸ͳ͍ • બ୒ࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ࢖͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬౰খ͘͞ͳΔͷͰ͕͢ʼʻ

  15. ύεϫʔυϚωʔδϟʔΛ࢖ ͓͏ ݸਓͰ࢖͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰ΋Α͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ

  16. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷ࢓ࣄΛ͍࣮ͯͨ͠੷͕͋ͬͨ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ෇͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ

    ظߋ৽Λഇࢭ

  17. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ҎલͷϙϦγʔมߋ͸ISMSೝূऔಘʹΑΔ΋ͷͩͬͨ • ISMSͷೝূج४ʹ͸ʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱ͸ͳ͍ • ҰํPCI-DSSʹ͸໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏

    • ϙϦγʔಋೖͷࠜڌͷূ੻͕࢒ͬͯͳ͍ͷ͸ʮʮʮҋʯʯʯ
  18. None

  19. ·ͱΊ

  20. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  21. ௕͍ύεϫʔυ Λ͚ͭΑ͏

  22. ύεϫʔυϚωʔδϟʔ Λ࢖͓͏

  23. ϙϦγʔಋೖ࣌ʹ͸ ٞ࿦ͷաఔ΋ ͪΌΜͱ࢒ͦ͏

  24. Questions?

  25. ࢀߟURL • NIST SP800-63B ຋༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •

    ͋ͷύεϫʔυنଇɺ࣮͸ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964