Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

On Password Policies

Avatar for sylph01 sylph01
September 19, 2017
Technology
2
1.5k

On Password Policies

LT @ Agileware Drinkup, RubyKaigi 2017

Avatar for sylph01

sylph01

September 19, 2017
Tweet

More Decks by sylph01

See All by sylph01
Updates on MLS on Ruby (and maybe more)
Avatar for sylph01 sylph01
1
220
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
Avatar for sylph01 sylph01
1
110
PicoRuby's Networking is Incomplete
Avatar for sylph01 sylph01
1
100
The Definitive? Guide To Locally Organizing RubyKaigi
Avatar for sylph01 sylph01
6
1.9k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
Avatar for sylph01 sylph01
1
150
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
Avatar for sylph01 sylph01
2
780
Introduction to C Extensions
Avatar for sylph01 sylph01
3
240
"Actual" Security in Microcontroller Ruby!?
Avatar for sylph01 sylph01
0
180
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
Avatar for sylph01 sylph01
1
88

Other Decks in Technology

See All in Technology
AI駆動開発の実践とその未来
Avatar for Ikko Eltociear Ashimine eltociear
1
210
IAMユーザーゼロの運用は果たして可能なのか
Avatar for Yuuki Yamashita yama3133
2
490
Oracle Cloud Infrastructure IaaS 新機能アップデート 2025/09 - 2025/11
Avatar for oracle4engineer oracle4engineer
PRO
0
160
新 Security HubがついにGA!仕組みや料金を深堀り #AWSreInvent #regrowth / AWS Security Hub Advanced GA
Avatar for MasahiroKawahara masahirokawahara
1
2.2k
評価駆動開発で不確実性を制御する - MLflow 3が支えるエージェント開発
Avatar for Databricks Japan databricksjapan
1
210
AIエージェント開発と活用を加速するワークフロー自動生成への挑戦
Avatar for shibuiwilliam shibuiwilliam
4
280
プロンプトやエージェントを自動的に作る方法
Avatar for shibuiwilliam shibuiwilliam
13
11k
初めてのDatabricks AI/BI Genie
Avatar for Takaaki Yayoi taka_aki
0
200
Databricks向けJupyter Kernelでデータサイエンティストの開発環境をAI-Readyにする / Data+AI World Tour Tokyo After Party
Avatar for GENDA genda
1
550
Power of Kiro : あなたの㌔はパワステ搭載ですか?
Avatar for r3_yamauchi r3_yamauchi
PRO
0
180
子育てで想像してなかった「見えないダメージ」 / Unforeseen "hidden burdens" of raising children.
Avatar for Pauli pauli
2
280
Database イノベーショントークを振り返る/reinvent-2025-database-innovation-talk-recap
Avatar for emi emiki
0
230

Featured

See All Featured
KATA
Avatar for Megan Lloyd mclloyd
PRO
33
15k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
13k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.6k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
73
11k
Docker and Python
Avatar for Tania Allard trallard
47
3.7k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.1k
Designing Experiences People Love
Avatar for Jonathan Moore moore
143
24k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
348
40k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.3k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
25
1.6k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k

Transcript

  1. On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,

    9/19/2017 Tw: @s01, GH: @sylph01

  2. ࣗݾ঺հ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:

    @s01

  3. એ఻ͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ͸10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢

  4. એ఻ͦͷ2: ਑ͷԻָஂ ԋ૗ձ 9/23 15:00- @ ઒ޱϦϦΞ ʢ࡛ۄݝʣ ੔ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹

    ͏ʂʣ ΋ͪΖΜग़ԋ΋͠·͢
  5. None

  6. TL;DR

  7. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  8. ͦͷઓ͍ํͷ ࿩Λ͠·͢

  9. None

  10. NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͢΂͖Ͱͳ͍ • จࣈछͷ૊Έ߹ΘͤΛύεϫʔυʹ՝͢΂͖Ͱͳ͍ •

    ௕͍ʮύεϑϨʔζʯΛ࢖͏͜ͱ͕ਪ঑ • ೋཁૉೝূʹSMSΛ࢖͏ͷ͸ਪ঑͞Εͳ͍ • etc...

  11. ݱ୅ͷύεϫʔυ߈ܸ • ૯౰Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡ஋Λୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ

  12. ه߸Λύεϫʔυʹ͚ͭΔΑ Γ௕͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹ਺ࣈ10छɾه߸16छྨΛ଍ͨ͠78छྨ ه߸ࠐΈ8ܻ: ਺ࣈɾه߸ൈ͖10ܻ: → ഒ =

    100ഒڧ͍ʂʂ

  13. ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸ͸ʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸ͸ͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖׵ ͑΍਺஋ͷΠϯΫϦϝϯτʹରͯ͠΋߈ܸΛ͢Δ • ʮෳ਺୯ޠͷ૊Έ߹Θͤʯ͸૊Έ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ΋୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍

    • ୯७ʹ௕͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱ΋े෼ڧ͍ɻ

  14. ҰํͰʮه߸Λ࢖ΘͤΔͳʯ Ͱ͸ͳ͍ • બ୒ࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ࢖͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬౰খ͘͞ͳΔͷͰ͕͢ʼʻ

  15. ύεϫʔυϚωʔδϟʔΛ࢖ ͓͏ ݸਓͰ࢖͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰ΋Α͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ

  16. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷ࢓ࣄΛ͍࣮ͯͨ͠੷͕͋ͬͨ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ෇͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ

    ظߋ৽Λഇࢭ

  17. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ҎલͷϙϦγʔมߋ͸ISMSೝূऔಘʹΑΔ΋ͷͩͬͨ • ISMSͷೝূج४ʹ͸ʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱ͸ͳ͍ • ҰํPCI-DSSʹ͸໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏

    • ϙϦγʔಋೖͷࠜڌͷূ੻͕࢒ͬͯͳ͍ͷ͸ʮʮʮҋʯʯʯ
  18. None

  19. ·ͱΊ

  20. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  21. ௕͍ύεϫʔυ Λ͚ͭΑ͏

  22. ύεϫʔυϚωʔδϟʔ Λ࢖͓͏

  23. ϙϦγʔಋೖ࣌ʹ͸ ٞ࿦ͷաఔ΋ ͪΌΜͱ࢒ͦ͏

  24. Questions?

  25. ࢀߟURL • NIST SP800-63B ຋༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •

    ͋ͷύεϫʔυنଇɺ࣮͸ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964