Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
On Password Policies
Search
sylph01
September 19, 2017
Technology
2
1.5k
On Password Policies
LT @ Agileware Drinkup, RubyKaigi 2017
sylph01
September 19, 2017
Tweet
Share
More Decks by sylph01
See All by sylph01
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.5k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
100
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
490
Introduction to C Extensions
sylph01
3
200
"Actual" Security in Microcontroller Ruby!?
sylph01
0
140
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
64
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
300
Adding Security to Microcontroller Ruby
sylph01
3
3.6k
Secure Messaging at IETF 118
sylph01
0
110
Other Decks in Technology
See All in Technology
Autify Company Deck
autifyhq
2
44k
CDK Vibe Coding Fes
tomoki10
1
630
United™️ Airlines®️ Customer®️ USA Contact Numbers: Complete 2025 Support Guide
flyunitedguide
0
800
PHPからはじめるコンピュータアーキテクチャ / From Scripts to Silicon: A Journey Through the Layers of Computing
tomzoh
2
120
united airlines ™®️ USA Contact Numbers: Complete 2025 Support Guide
flyunitedhelp
1
470
CDKコード品質UP!ナイスな自作コンストラクタを作るための便利インターフェース
harukasakihara
2
230
Bill One 開発エンジニア 紹介資料
sansan33
PRO
4
13k
Talk to Someone At Delta Airlines™️ USA Contact Numbers
travelcarecenter
0
160
毎晩の 負荷試験自動実行による効果
recruitengineers
PRO
5
180
Data Engineering Study#30 LT資料
tetsuroito
1
180
Amplify Gen2から知るAWS CDK Toolkit Libraryの使い方/How to use the AWS CDK Toolkit Library as known from Amplify Gen2
fossamagna
1
350
ゼロから始めるSREの事業貢献 - 生成AI時代のSRE成長戦略と実践 / Starting SRE from Day One
shinyorke
PRO
0
110
Featured
See All Featured
Reflections from 52 weeks, 52 projects
jeffersonlam
351
21k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Balancing Empowerment & Direction
lara
1
450
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
161
15k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Building Applications with DynamoDB
mza
95
6.5k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
GraphQLとの向き合い方2022年版
quramy
49
14k
Six Lessons from altMBA
skipperchong
28
3.9k
Become a Pro
speakerdeck
PRO
29
5.4k
Site-Speed That Sticks
csswizardry
10
700
Designing for humans not robots
tammielis
253
25k
Transcript
On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,
9/19/2017 Tw: @s01, GH: @sylph01
ࣗݾհ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:
@s01
એͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢
એͦͷ2: ͷԻָஂ ԋձ 9/23 15:00- @ ޱϦϦΞ ʢ࡛ۄݝʣ ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹
͏ʂʣ ͪΖΜग़ԋ͠·͢
None
TL;DR
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
ͦͷઓ͍ํͷ Λ͠·͢
None
NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͖͢Ͱͳ͍ • จࣈछͷΈ߹ΘͤΛύεϫʔυʹ՝͖͢Ͱͳ͍ •
͍ʮύεϑϨʔζʯΛ͏͜ͱ͕ਪ • ೋཁૉೝূʹSMSΛ͏ͷਪ͞Εͳ͍ • etc...
ݱͷύεϫʔυ߈ܸ • ૯Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡΛୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ
ه߸Λύεϫʔυʹ͚ͭΔΑ Γ͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹࣈ10छɾه߸16छྨΛͨ͠78छྨ ه߸ࠐΈ8ܻ: ࣈɾه߸ൈ͖10ܻ: → ഒ =
100ഒڧ͍ʂʂ
ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖ ͑ͷΠϯΫϦϝϯτʹରͯ͠߈ܸΛ͢Δ • ʮෳ୯ޠͷΈ߹ΘͤʯΈ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍
• ୯७ʹ͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱेڧ͍ɻ
ҰํͰʮه߸ΛΘͤΔͳʯ Ͱͳ͍ • બࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬খ͘͞ͳΔͷͰ͕͢ʼʻ
ύεϫʔυϚωʔδϟʔΛ ͓͏ ݸਓͰ͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰΑ͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷࣄΛ͍࣮͕ͯͨ͋ͬͨ͠ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ
ظߋ৽Λഇࢭ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ҎલͷϙϦγʔมߋISMSೝূऔಘʹΑΔͷͩͬͨ • ISMSͷೝূج४ʹʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱͳ͍ • ҰํPCI-DSSʹ໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏
• ϙϦγʔಋೖͷࠜڌͷূ͕ͬͯͳ͍ͷʮʮʮҋʯʯʯ
None
·ͱΊ
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
͍ύεϫʔυ Λ͚ͭΑ͏
ύεϫʔυϚωʔδϟʔ Λ͓͏
ϙϦγʔಋೖ࣌ʹ ٞͷաఔ ͪΌΜͱͦ͏
Questions?
ࢀߟURL • NIST SP800-63B ༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •
͋ͷύεϫʔυنଇɺ࣮ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964