Upgrade to Pro — share decks privately, control downloads, hide ads and more …

On Password Policies

Avatar for sylph01 sylph01
September 19, 2017
Technology
1.6k
2

On Password Policies

LT @ Agileware Drinkup, RubyKaigi 2017

Avatar for sylph01

sylph01

September 19, 2017

More Decks by sylph01

See All by sylph01
人命を救う技術としてのEnd-to-End暗号化とMessaging Layer Security
Avatar for sylph01 sylph01
3
160
Updates on MLS on Ruby (and maybe more)
Avatar for sylph01 sylph01
1
250
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
Avatar for sylph01 sylph01
1
140
PicoRuby's Networking is Incomplete
Avatar for sylph01 sylph01
1
190
The Definitive? Guide To Locally Organizing RubyKaigi
Avatar for sylph01 sylph01
9
2.7k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
Avatar for sylph01 sylph01
1
180
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
Avatar for sylph01 sylph01
2
880
Introduction to C Extensions
Avatar for sylph01 sylph01
3
270
"Actual" Security in Microcontroller Ruby!?
Avatar for sylph01 sylph01
0
210

Other Decks in Technology

See All in Technology
ブラックボックス化したMLシステムのVertex AI移行 / mlops_community_62
Avatar for Visional Engineering & Design visional_engineering_and_design
1
260
The essence of decision-making lies in primary data
Avatar for 株式会社カミナシ kaminashi
0
230
制約を設計する - 非決定性との境界線 / Designing constraints
Avatar for soudai sone soudai
PRO
4
890
Zephyr(RTOS)でARMとRISC-Vのコア間通信をしてみた
Avatar for misoji engineer iotengineer22
0
120
契約書からの情報抽出を行うLLMのスループットを、バッチ処理を用いて最大40%改善した話
Avatar for SansanTech sansantech
PRO
3
340
「できない」のアウトプット 同人誌『精神を壊してからの』シリーズ出版を 通して得られたこと
Avatar for comi comi190327
3
530
来期の評価で変えようと思っていること 〜AI時代に変わること・変わらないこと〜
Avatar for estie | エスティ estie
0
130
スクラムを支える内部品質の話
Avatar for IIJ_PR iij_pr
0
180
脳が溶けた話 / Melted Brain
Avatar for Keisuke69 keisuke69
1
1.2k
バックオフィスPJのPjMをコーポレートITが担うとうまくいく3つの理由
Avatar for chama yueda256
1
160
OpenClaw初心者向けセミナー / OpenClaw Beginner Seminar
Avatar for hiranofumio cmhiranofumio
0
230
MCPで決済に楽にする
Avatar for mu7889yoon / Yuta Nakamura mu7889yoon
0
170

Featured

See All Featured
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
260
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
Avatar for Akash Hashmi akashhashmi
0
300
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
1
1.2k
Accessibility Awareness
Avatar for Sarah Abderemane sabderemane
0
89
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
97
6.6k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
1
320
Leveraging Curiosity to Care for An Aging Population
Avatar for Cassini Nazir cassininazir
1
210
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
71k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.2k
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
4
500
Making Projects Easy
Avatar for Brett Harned brettharned
120
6.6k

Transcript

  1. On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,

    9/19/2017 Tw: @s01, GH: @sylph01

  2. ࣗݾ঺հ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:

    @s01

  3. એ఻ͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ͸10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢

  4. એ఻ͦͷ2: ਑ͷԻָஂ ԋ૗ձ 9/23 15:00- @ ઒ޱϦϦΞ ʢ࡛ۄݝʣ ੔ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹

    ͏ʂʣ ΋ͪΖΜग़ԋ΋͠·͢
  5. None

  6. TL;DR

  7. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  8. ͦͷઓ͍ํͷ ࿩Λ͠·͢

  9. None

  10. NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͢΂͖Ͱͳ͍ • จࣈछͷ૊Έ߹ΘͤΛύεϫʔυʹ՝͢΂͖Ͱͳ͍ •

    ௕͍ʮύεϑϨʔζʯΛ࢖͏͜ͱ͕ਪ঑ • ೋཁૉೝূʹSMSΛ࢖͏ͷ͸ਪ঑͞Εͳ͍ • etc...

  11. ݱ୅ͷύεϫʔυ߈ܸ • ૯౰Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡ஋Λୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ

  12. ه߸Λύεϫʔυʹ͚ͭΔΑ Γ௕͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹ਺ࣈ10छɾه߸16छྨΛ଍ͨ͠78छྨ ه߸ࠐΈ8ܻ: ਺ࣈɾه߸ൈ͖10ܻ: → ഒ =

    100ഒڧ͍ʂʂ

  13. ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸ͸ʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸ͸ͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖׵ ͑΍਺஋ͷΠϯΫϦϝϯτʹରͯ͠΋߈ܸΛ͢Δ • ʮෳ਺୯ޠͷ૊Έ߹Θͤʯ͸૊Έ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ΋୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍

    • ୯७ʹ௕͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱ΋े෼ڧ͍ɻ

  14. ҰํͰʮه߸Λ࢖ΘͤΔͳʯ Ͱ͸ͳ͍ • બ୒ࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ࢖͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬౰খ͘͞ͳΔͷͰ͕͢ʼʻ

  15. ύεϫʔυϚωʔδϟʔΛ࢖ ͓͏ ݸਓͰ࢖͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰ΋Α͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ

  16. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷ࢓ࣄΛ͍࣮ͯͨ͠੷͕͋ͬͨ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ෇͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ

    ظߋ৽Λഇࢭ

  17. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ҎલͷϙϦγʔมߋ͸ISMSೝূऔಘʹΑΔ΋ͷͩͬͨ • ISMSͷೝূج४ʹ͸ʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱ͸ͳ͍ • ҰํPCI-DSSʹ͸໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏

    • ϙϦγʔಋೖͷࠜڌͷূ੻͕࢒ͬͯͳ͍ͷ͸ʮʮʮҋʯʯʯ
  18. None

  19. ·ͱΊ

  20. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  21. ௕͍ύεϫʔυ Λ͚ͭΑ͏

  22. ύεϫʔυϚωʔδϟʔ Λ࢖͓͏

  23. ϙϦγʔಋೖ࣌ʹ͸ ٞ࿦ͷաఔ΋ ͪΌΜͱ࢒ͦ͏

  24. Questions?

  25. ࢀߟURL • NIST SP800-63B ຋༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •

    ͋ͷύεϫʔυنଇɺ࣮͸ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964