Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
On Password Policies
Search
sylph01
September 19, 2017
Technology
2
1.5k
On Password Policies
LT @ Agileware Drinkup, RubyKaigi 2017
sylph01
September 19, 2017
Tweet
Share
More Decks by sylph01
See All by sylph01
Updates on MLS on Ruby (and maybe more)
sylph01
1
180
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
sylph01
1
88
PicoRuby's Networking is Incomplete
sylph01
1
43
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.6k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
130
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
600
Introduction to C Extensions
sylph01
3
210
"Actual" Security in Microcontroller Ruby!?
sylph01
0
150
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
72
Other Decks in Technology
See All in Technology
会社紹介資料 / Sansan Company Profile
sansan33
PRO
6
380k
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
nagisa53
10
3.2k
DroidKaigi 2025 Androidエンジニアとしてのキャリア
mhidaka
2
390
品質視点から考える組織デザイン/Organizational Design from Quality
mii3king
0
210
5分でカオスエンジニアリングを分かった気になろう
pandayumi
0
260
MagicPod導入から半年、オープンロジQAチームで実際にやったこと
tjoko
0
110
「全員プロダクトマネージャー」を実現する、Cursorによる仕様検討の自動運転
applism118
22
12k
プラットフォーム転換期におけるGitHub Copilot活用〜Coding agentがそれを加速するか〜 / Leveraging GitHub Copilot During Platform Transition Periods
aeonpeople
1
240
Django's GeneratedField by example - DjangoCon US 2025
pauloxnet
0
160
Evolución del razonamiento matemático de GPT-4.1 a GPT-5 - Data Aventura Summit 2025 & VSCode DevDays
lauchacarro
0
210
20250912_RPALT_データを集める→とっ散らかる問題_Obsidian紹介
ratsbane666
0
100
Firestore → Spanner 移行 を成功させた段階的移行プロセス
athug
1
500
Featured
See All Featured
Build your cross-platform service in a week with App Engine
jlugia
231
18k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
36
2.5k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Agile that works and the tools we love
rasmusluckow
330
21k
Large-scale JavaScript Application Architecture
addyosmani
513
110k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
The Art of Programming - Codeland 2020
erikaheidi
56
13k
Why You Should Never Use an ORM
jnunemaker
PRO
59
9.5k
For a Future-Friendly Web
brad_frost
180
9.9k
Transcript
On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,
9/19/2017 Tw: @s01, GH: @sylph01
ࣗݾհ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:
@s01
એͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢
એͦͷ2: ͷԻָஂ ԋձ 9/23 15:00- @ ޱϦϦΞ ʢ࡛ۄݝʣ ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹
͏ʂʣ ͪΖΜग़ԋ͠·͢
None
TL;DR
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
ͦͷઓ͍ํͷ Λ͠·͢
None
NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͖͢Ͱͳ͍ • จࣈछͷΈ߹ΘͤΛύεϫʔυʹ՝͖͢Ͱͳ͍ •
͍ʮύεϑϨʔζʯΛ͏͜ͱ͕ਪ • ೋཁૉೝূʹSMSΛ͏ͷਪ͞Εͳ͍ • etc...
ݱͷύεϫʔυ߈ܸ • ૯Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡΛୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ
ه߸Λύεϫʔυʹ͚ͭΔΑ Γ͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹࣈ10छɾه߸16छྨΛͨ͠78छྨ ه߸ࠐΈ8ܻ: ࣈɾه߸ൈ͖10ܻ: → ഒ =
100ഒڧ͍ʂʂ
ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖ ͑ͷΠϯΫϦϝϯτʹରͯ͠߈ܸΛ͢Δ • ʮෳ୯ޠͷΈ߹ΘͤʯΈ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍
• ୯७ʹ͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱेڧ͍ɻ
ҰํͰʮه߸ΛΘͤΔͳʯ Ͱͳ͍ • બࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬খ͘͞ͳΔͷͰ͕͢ʼʻ
ύεϫʔυϚωʔδϟʔΛ ͓͏ ݸਓͰ͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰΑ͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷࣄΛ͍࣮͕ͯͨ͋ͬͨ͠ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ
ظߋ৽Λഇࢭ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ҎલͷϙϦγʔมߋISMSೝূऔಘʹΑΔͷͩͬͨ • ISMSͷೝূج४ʹʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱͳ͍ • ҰํPCI-DSSʹ໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏
• ϙϦγʔಋೖͷࠜڌͷূ͕ͬͯͳ͍ͷʮʮʮҋʯʯʯ
None
·ͱΊ
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
͍ύεϫʔυ Λ͚ͭΑ͏
ύεϫʔυϚωʔδϟʔ Λ͓͏
ϙϦγʔಋೖ࣌ʹ ٞͷաఔ ͪΌΜͱͦ͏
Questions?
ࢀߟURL • NIST SP800-63B ༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •
͋ͷύεϫʔυنଇɺ࣮ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964