Upgrade to Pro — share decks privately, control downloads, hide ads and more …

On Password Policies

404139d782ec666acea93dffc86e089f?s=47 sylph01
September 19, 2017
Technology
2
840

On Password Policies

LT @ Agileware Drinkup, RubyKaigi 2017

404139d782ec666acea93dffc86e089f?s=128

sylph01

September 19, 2017
Tweet

More Decks by sylph01

See All by sylph01
404139d782ec666acea93dffc86e089f?s=48 sylph01
0
180
404139d782ec666acea93dffc86e089f?s=48 sylph01
0
370
404139d782ec666acea93dffc86e089f?s=48 sylph01
1
1.7k
404139d782ec666acea93dffc86e089f?s=48 sylph01
1
42
404139d782ec666acea93dffc86e089f?s=48 sylph01
0
320
404139d782ec666acea93dffc86e089f?s=48 sylph01
0
41
404139d782ec666acea93dffc86e089f?s=48 sylph01
1
230
404139d782ec666acea93dffc86e089f?s=48 sylph01
0
330
404139d782ec666acea93dffc86e089f?s=48 sylph01
0
200

Other Decks in Technology

See All in Technology
499b0680d59a0a04c24d8f525df8a678?s=48 ayanadesu
0
350
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
140
Db5e4eb410acdc06c5cee181bbd07d8a?s=48 askul
1
190
0411ad77d29734ecd0980c5b9b62848f?s=48 ch1aki
2
160
59fbf50f41bdd0ed0e3bbf27859bf99d?s=48 pg0084
1
130
4f1820553d3671ade380904a131711b9?s=48 hikiaki
0
180
4ccf6c02807d06f043a71435c48ce86a?s=48 eller86
0
120
Ff7f1f76468f46a1c5c84b9238a4b162?s=48 miyake
1
400
79b0777f41898e4c9d75d9839d4cb476?s=48 1stship
0
250
C21becdee5cd08b34c7452276e64c1fe?s=48 yamamuteki
2
620
17eb0c1a9d70a94ce95401d046375e3c?s=48 yoshiori
1
1.1k
4b2f3a64637b51e81813accbe8a98083?s=48 miura55
0
300

Featured

See All Featured
0c6fd6a08d0f898159cda7cafcacf07f?s=48 afnizarnur
176
14k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
446
36k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
683
180k
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
53
3.5k
2bb923c57a1fdc3a2eb484bb8d565fd2?s=48 ufuk
56
5.4k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
52
2.8k
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
332
29k
9375a9529679f1b42b567a640d775e7d?s=48 schacon
145
6.6k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
779
240k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
260
11k
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
8
710
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
19
2k

Transcript

  1. On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,

    9/19/2017 Tw: @s01, GH: @sylph01

  2. ࣗݾ঺հ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:

    @s01

  3. એ఻ͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ͸10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢

  4. એ఻ͦͷ2: ਑ͷԻָஂ ԋ૗ձ 9/23 15:00- @ ઒ޱϦϦΞ ʢ࡛ۄݝʣ ੔ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹

    ͏ʂʣ ΋ͪΖΜग़ԋ΋͠·͢
  5. None

  6. TL;DR

  7. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  8. ͦͷઓ͍ํͷ ࿩Λ͠·͢

  9. None

  10. NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͢΂͖Ͱͳ͍ • จࣈछͷ૊Έ߹ΘͤΛύεϫʔυʹ՝͢΂͖Ͱͳ͍ •

    ௕͍ʮύεϑϨʔζʯΛ࢖͏͜ͱ͕ਪ঑ • ೋཁૉೝূʹSMSΛ࢖͏ͷ͸ਪ঑͞Εͳ͍ • etc...

  11. ݱ୅ͷύεϫʔυ߈ܸ • ૯౰Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡ஋Λୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ

  12. ه߸Λύεϫʔυʹ͚ͭΔΑ Γ௕͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹ਺ࣈ10छɾه߸16छྨΛ଍ͨ͠78छྨ ه߸ࠐΈ8ܻ: ਺ࣈɾه߸ൈ͖10ܻ: → ഒ =

    100ഒڧ͍ʂʂ

  13. ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸ͸ʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸ͸ͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖׵ ͑΍਺஋ͷΠϯΫϦϝϯτʹରͯ͠΋߈ܸΛ͢Δ • ʮෳ਺୯ޠͷ૊Έ߹Θͤʯ͸૊Έ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ΋୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍

    • ୯७ʹ௕͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱ΋े෼ڧ͍ɻ

  14. ҰํͰʮه߸Λ࢖ΘͤΔͳʯ Ͱ͸ͳ͍ • બ୒ࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ࢖͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬౰খ͘͞ͳΔͷͰ͕͢ʼʻ

  15. ύεϫʔυϚωʔδϟʔΛ࢖ ͓͏ ݸਓͰ࢖͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰ΋Α͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ

  16. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷ࢓ࣄΛ͍࣮ͯͨ͠੷͕͋ͬͨ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ෇͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ

    ظߋ৽Λഇࢭ

  17. ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠࿩ • ҎલͷϙϦγʔมߋ͸ISMSೝূऔಘʹΑΔ΋ͷͩͬͨ • ISMSͷೝূج४ʹ͸ʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱ͸ͳ͍ • ҰํPCI-DSSʹ͸໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏

    • ϙϦγʔಋೖͷࠜڌͷূ੻͕࢒ͬͯͳ͍ͷ͸ʮʮʮҋʯʯʯ
  18. None

  19. ·ͱΊ

  20. ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏

  21. ௕͍ύεϫʔυ Λ͚ͭΑ͏

  22. ύεϫʔυϚωʔδϟʔ Λ࢖͓͏

  23. ϙϦγʔಋೖ࣌ʹ͸ ٞ࿦ͷաఔ΋ ͪΌΜͱ࢒ͦ͏

  24. Questions?

  25. ࢀߟURL • NIST SP800-63B ຋༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •

    ͋ͷύεϫʔυنଇɺ࣮͸ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964