Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
On Password Policies
Search
sylph01
September 19, 2017
Technology
2
1.5k
On Password Policies
LT @ Agileware Drinkup, RubyKaigi 2017
sylph01
September 19, 2017
Tweet
Share
More Decks by sylph01
See All by sylph01
人命を救う技術としてのEnd-to-End暗号化とMessaging Layer Security
sylph01
3
130
Updates on MLS on Ruby (and maybe more)
sylph01
1
230
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
sylph01
1
130
PicoRuby's Networking is Incomplete
sylph01
1
140
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
9
2.5k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
170
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
830
Introduction to C Extensions
sylph01
3
250
"Actual" Security in Microcontroller Ruby!?
sylph01
0
190
Other Decks in Technology
See All in Technology
FinTech SREのAWSサービス活用/Leveraging AWS Services in FinTech SRE
maaaato
0
120
toCプロダクトにおけるAI機能開発のしくじりと学び / ai-product-failures-and-learnings
rince
6
5.5k
システムのアラート調査をサポートするAI Agentの紹介/Introduction to an AI Agent for System Alert Investigation
taddy_919
2
1.7k
仕様書駆動AI開発の実践: Issue→Skill→PRテンプレで 再現性を作る
knishioka
2
560
予期せぬコストの急増を障害のように扱う――「コスト版ポストモーテム」の導入とその後の改善
muziyoshiz
1
1.4k
顧客の言葉を、そのまま信じない勇気
yamatai1212
1
320
会社紹介資料 / Sansan Company Profile
sansan33
PRO
15
400k
プロダクト成長を支える開発基盤とスケールに伴う課題
yuu26
3
1.1k
レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み
tatsukoni
0
190
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
3k
データの整合性を保ちたいだけなんだ
shoheimitani
7
2.7k
茨城の思い出を振り返る ~CDKのセキュリティを添えて~ / 20260201 Mitsutoshi Matsuo
shift_evolve
PRO
1
170
Featured
See All Featured
Jamie Indigo - Trashchat’s Guide to Black Boxes: Technical SEO Tactics for LLMs
techseoconnect
PRO
0
54
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
HDC tutorial
michielstock
1
350
Six Lessons from altMBA
skipperchong
29
4.1k
Everyday Curiosity
cassininazir
0
130
Embracing the Ebb and Flow
colly
88
5k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.1k
So, you think you're a good person
axbom
PRO
2
1.9k
Building an army of robots
kneath
306
46k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
30 Presentation Tips
portentint
PRO
1
210
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.6k
Transcript
On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,
9/19/2017 Tw: @s01, GH: @sylph01
ࣗݾհ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:
@s01
એͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢
એͦͷ2: ͷԻָஂ ԋձ 9/23 15:00- @ ޱϦϦΞ ʢ࡛ۄݝʣ ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹
͏ʂʣ ͪΖΜग़ԋ͠·͢
None
TL;DR
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
ͦͷઓ͍ํͷ Λ͠·͢
None
NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͖͢Ͱͳ͍ • จࣈछͷΈ߹ΘͤΛύεϫʔυʹ՝͖͢Ͱͳ͍ •
͍ʮύεϑϨʔζʯΛ͏͜ͱ͕ਪ • ೋཁૉೝূʹSMSΛ͏ͷਪ͞Εͳ͍ • etc...
ݱͷύεϫʔυ߈ܸ • ૯Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡΛୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ
ه߸Λύεϫʔυʹ͚ͭΔΑ Γ͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹࣈ10छɾه߸16छྨΛͨ͠78छྨ ه߸ࠐΈ8ܻ: ࣈɾه߸ൈ͖10ܻ: → ഒ =
100ഒڧ͍ʂʂ
ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖ ͑ͷΠϯΫϦϝϯτʹରͯ͠߈ܸΛ͢Δ • ʮෳ୯ޠͷΈ߹ΘͤʯΈ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍
• ୯७ʹ͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱेڧ͍ɻ
ҰํͰʮه߸ΛΘͤΔͳʯ Ͱͳ͍ • બࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬খ͘͞ͳΔͷͰ͕͢ʼʻ
ύεϫʔυϚωʔδϟʔΛ ͓͏ ݸਓͰ͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰΑ͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷࣄΛ͍࣮͕ͯͨ͋ͬͨ͠ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ
ظߋ৽Λഇࢭ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ҎલͷϙϦγʔมߋISMSೝূऔಘʹΑΔͷͩͬͨ • ISMSͷೝূج४ʹʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱͳ͍ • ҰํPCI-DSSʹ໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏
• ϙϦγʔಋೖͷࠜڌͷূ͕ͬͯͳ͍ͷʮʮʮҋʯʯʯ
None
·ͱΊ
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
͍ύεϫʔυ Λ͚ͭΑ͏
ύεϫʔυϚωʔδϟʔ Λ͓͏
ϙϦγʔಋೖ࣌ʹ ٞͷաఔ ͪΌΜͱͦ͏
Questions?
ࢀߟURL • NIST SP800-63B ༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •
͋ͷύεϫʔυنଇɺ࣮ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964
sylph01
maaaato
rince
taddy_919
knishioka
muziyoshiz
yamatai1212
sansan33
yuu26
tatsukoni
shoheimitani
shift_evolve
techseoconnect
chrisshort
michielstock
skipperchong
cassininazir
colly
addyosmani
axbom
kneath
bluesmoon
portentint
thoeni
