Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
On Password Policies
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
sylph01
September 19, 2017
Technology
1.6k
2
Share
On Password Policies
LT @ Agileware Drinkup, RubyKaigi 2017
sylph01
September 19, 2017
More Decks by sylph01
See All by sylph01
人命を救う技術としてのEnd-to-End暗号化とMessaging Layer Security
sylph01
3
190
Updates on MLS on Ruby (and maybe more)
sylph01
1
270
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
sylph01
1
150
PicoRuby's Networking is Incomplete
sylph01
1
240
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
9
3k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
200
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
920
Introduction to C Extensions
sylph01
3
280
"Actual" Security in Microcontroller Ruby!?
sylph01
0
230
Other Decks in Technology
See All in Technology
AI時代に、 データアナリストがデータエンジニアに異動して
jackojacko_
0
1.1k
アプリブロック機能のつくりかたと、AIとHTMLの不合理な相性の良さについて
kumamotone
1
260
Gaussian Splattingの実用化 - 映像制作への展開
gpuunite_official
0
210
TypeScriptで実現する既存APIを活用したリモートMCPサーバー構築 / TSKaigi 2026
soarteclab
0
150
[みん強]AIの価値を最大化するデータ基盤戦略:Self-Service型Data Meshへの転換とAgentic AI Meshに向けた取り組み with Snowflake他
y_matsubara
1
160
GitHub Copilot CLI で考える複数エージェント設計
tomokusaba
0
140
マンション備え付けのネットワークとLTE回線を組み合わせた ネットワークの安定化の考案
harutiro
1
140
論文紹介:Pixal3D (SIGGRAPH 2026)
tenten0727
0
620
エンタープライズの厳格な制約を開発者に意識させない:クラウドネイティブ開発基盤設計/cloudnative-kaigi-golden-path
mhrtech
0
460
エムスリーテクノロジーズ株式会社 エンジニア向け紹介資料 / M3 Technologies Company Deck
m3_engineering
0
200
実践 TanStack Start ― 新規プロダクトを開発して確立した、サーバーとクライアント境界の設計パターン / Practical TanStack Start Server-Client Boundary Patterns
kaminashi
1
140
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
15
100k
Featured
See All Featured
jQuery: Nuts, Bolts and Bling
dougneiner
66
8.5k
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5.8k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
160
Abbi's Birthday
coloredviolet
2
7.6k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
170
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
Skip the Path - Find Your Career Trail
mkilby
1
120
First, design no harm
axbom
PRO
2
1.2k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
910
Reflections from 52 weeks, 52 projects
jeffersonlam
356
21k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.9k
Into the Great Unknown - MozCon
thekraken
41
2.5k
Transcript
On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,
9/19/2017 Tw: @s01, GH: @sylph01
ࣗݾհ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:
@s01
એͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢
એͦͷ2: ͷԻָஂ ԋձ 9/23 15:00- @ ޱϦϦΞ ʢ࡛ۄݝʣ ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹
͏ʂʣ ͪΖΜग़ԋ͠·͢
None
TL;DR
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
ͦͷઓ͍ํͷ Λ͠·͢
None
NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͖͢Ͱͳ͍ • จࣈछͷΈ߹ΘͤΛύεϫʔυʹ՝͖͢Ͱͳ͍ •
͍ʮύεϑϨʔζʯΛ͏͜ͱ͕ਪ • ೋཁૉೝূʹSMSΛ͏ͷਪ͞Εͳ͍ • etc...
ݱͷύεϫʔυ߈ܸ • ૯Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡΛୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ
ه߸Λύεϫʔυʹ͚ͭΔΑ Γ͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹࣈ10छɾه߸16छྨΛͨ͠78छྨ ه߸ࠐΈ8ܻ: ࣈɾه߸ൈ͖10ܻ: → ഒ =
100ഒڧ͍ʂʂ
ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖ ͑ͷΠϯΫϦϝϯτʹରͯ͠߈ܸΛ͢Δ • ʮෳ୯ޠͷΈ߹ΘͤʯΈ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍
• ୯७ʹ͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱेڧ͍ɻ
ҰํͰʮه߸ΛΘͤΔͳʯ Ͱͳ͍ • બࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬খ͘͞ͳΔͷͰ͕͢ʼʻ
ύεϫʔυϚωʔδϟʔΛ ͓͏ ݸਓͰ͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰΑ͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷࣄΛ͍࣮͕ͯͨ͋ͬͨ͠ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ
ظߋ৽Λഇࢭ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ҎલͷϙϦγʔมߋISMSೝূऔಘʹΑΔͷͩͬͨ • ISMSͷೝূج४ʹʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱͳ͍ • ҰํPCI-DSSʹ໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏
• ϙϦγʔಋೖͷࠜڌͷূ͕ͬͯͳ͍ͷʮʮʮҋʯʯʯ
None
·ͱΊ
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
͍ύεϫʔυ Λ͚ͭΑ͏
ύεϫʔυϚωʔδϟʔ Λ͓͏
ϙϦγʔಋೖ࣌ʹ ٞͷաఔ ͪΌΜͱͦ͏
Questions?
ࢀߟURL • NIST SP800-63B ༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •
͋ͷύεϫʔυنଇɺ࣮ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964
sylph01
jackojacko_
kumamotone
gpuunite_official
(1).png){kind=avatar}
soarteclab
y_matsubara
tomokusaba
harutiro
tenten0727
mhrtech
.jpg){kind=avatar}
m3_engineering
kaminashi
oracle4engineer
dougneiner
aleyda
techseoconnect
coloredviolet
tmiket
reverentgeek
mkilby
axbom
tammyeverts
jeffersonlam
bluesmoon
thekraken
