Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
On Password Policies
Search
sylph01
September 19, 2017
Technology
2
1.5k
On Password Policies
LT @ Agileware Drinkup, RubyKaigi 2017
sylph01
September 19, 2017
Tweet
Share
More Decks by sylph01
See All by sylph01
Updates on MLS on Ruby (and maybe more)
sylph01
1
180
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
sylph01
1
88
PicoRuby's Networking is Incomplete
sylph01
1
43
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.6k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
130
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
600
Introduction to C Extensions
sylph01
3
210
"Actual" Security in Microcontroller Ruby!?
sylph01
0
150
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
72
Other Decks in Technology
See All in Technology
下手な強制、ダメ!絶対! 「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは?
tsukaman
2
460
RSCの時代にReactとフレームワークの境界を探る
uhyo
10
3.5k
品質視点から考える組織デザイン/Organizational Design from Quality
mii3king
0
210
初めてAWSを使うときのセキュリティ覚書〜初心者支部編〜
cmusudakeisuke
1
280
Create Ruby native extension gem with Go
sue445
0
130
未経験者・初心者に贈る!40分でわかるAndroidアプリ開発の今と大事なポイント
operando
5
750
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
sh_fk2
3
460
20250912_RPALT_データを集める→とっ散らかる問題_Obsidian紹介
ratsbane666
0
100
エンジニアリングマネージャーの成長の道筋とキャリア / Developers Summit 2025 KANSAI
daiksy
3
1k
職種の壁を溶かして開発サイクルを高速に回す~情報透明性と職種越境から考えるAIフレンドリーな職種間連携~
daitasu
0
170
Apache Spark もくもく会
taka_aki
0
140
Snowflake Intelligence × Document AIで“使いにくいデータ”を“使えるデータ”に
kevinrobot34
1
120
Featured
See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
15k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Optimising Largest Contentful Paint
csswizardry
37
3.4k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
A Modern Web Designer's Workflow
chriscoyier
696
190k
Statistics for Hackers
jakevdp
799
220k
Fireside Chat
paigeccino
39
3.6k
The Cult of Friendly URLs
andyhume
79
6.6k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Context Engineering - Making Every Token Count
addyosmani
3
59
Large-scale JavaScript Application Architecture
addyosmani
513
110k
Designing for humans not robots
tammielis
253
25k
Transcript
On Password Policies Ryo Kajiwara @ RubyKaigi Drinkup by Agileware,
9/19/2017 Tw: @s01, GH: @sylph01
ࣗݾհ ֿݪ ཾ(Ryo Kajiwara) the IDIOT(ID + IoT) engineer Twitter:
@s01
એͦͷ1: ʰϓϩϑΣογ ϣφϧSSL/TLSʱ ಡॻձ ࣍ճ10/6(ۚ) 19:00 TLSͷ੬ऑੑΛղઆ͠ ·͢
એͦͷ2: ͷԻָஂ ԋձ 9/23 15:00- @ ޱϦϦΞ ʢ࡛ۄݝʣ ཧ݊γεςϜ࡞ͬͯ·͢ ʢ9/22·Ͱɺ·ͩؒʹ߹
͏ʂʣ ͪΖΜग़ԋ͠·͢
None
TL;DR
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
ͦͷઓ͍ํͷ Λ͠·͢
None
NIST SP800-63B • NIST(ΞϝϦΧࠃཱඪ४ٕज़ݚڀॴ)ʹΑΔσδλϧೝূͷΨΠυ ϥΠϯ • ύεϫʔυͷఆظతͳมߋΛཁٻ͖͢Ͱͳ͍ • จࣈछͷΈ߹ΘͤΛύεϫʔυʹ՝͖͢Ͱͳ͍ •
͍ʮύεϑϨʔζʯΛ͏͜ͱ͕ਪ • ೋཁૉೝূʹSMSΛ͏ͷਪ͞Εͳ͍ • etc...
ݱͷύεϫʔυ߈ܸ • ૯Γ߈ܸ͚ͩͲϦΫΤετΛൃߦ͠·͘ΔΘ͚͡Όͳ͍ • ϋογϡΛୣ͏ • ฏจύεϫʔυͳΜͯอଘͯ͠ΔΘ͚ͳ͍ΑͶʁʁʁ
ه߸Λύεϫʔυʹ͚ͭΔΑ Γ͘͢Δ΄͏͕༗ར ΞϧϑΝϕοτେจࣈখจࣈ: 52छྨ ͦΕʹࣈ10छɾه߸16छྨΛͨ͠78छྨ ه߸ࠐΈ8ܻ: ࣈɾه߸ൈ͖10ܻ: → ഒ =
100ഒڧ͍ʂʂ
ύεϑϨʔζ͕ڧ͍ཧ༝ • ݱࡏͷࣙॻ߈ܸʮ୯Ұͷ୯ޠʯʹରͯ͠ߦ͏ • ڧ͍ࣙॻ߈ܸͦΕʹՃ͑ͯʮl33t sp34kʯͷΑ͏ͳจࣈஔ͖ ͑ͷΠϯΫϦϝϯτʹରͯ͠߈ܸΛ͢Δ • ʮෳ୯ޠͷΈ߹ΘͤʯΈ߹ΘͤΔ୯ޠ͕૿͑Δ΄Ͳ୯ ޠϕʔεͰ୳ࡧۭ͕ؒ૿͑ΔͷͰ͠ΜͲ͍
• ୯७ʹ͍ύεϫʔυʹͳΔ PerlPHPJavaScriptRubyCSchemeOCamlProlog Ͱेڧ͍ɻ
ҰํͰʮه߸ΛΘͤΔͳʯ Ͱͳ͍ • બࢶڱΊΔͱ୳ࡧۭؒখ͘͞ͳͬͯࢮ͵ɻ • ࡾඛ౦ژUFJۜߦͷΫϨδοτΧʔυͷαΠτɺύεϫʔυʹେ จࣈ͑ͳ͍ΜͰ͕͢ɺ୳ࡧۭؒ૬খ͘͞ͳΔͷͰ͕͢ʼʻ
ύεϫʔυϚωʔδϟʔΛ ͓͏ ݸਓͰ͏ͳΒ1Password͕൘ɻMacͷΩʔνΣʔϯɺChromeͷΩ ʔνΣʔϯʹڧ͍ύεϫʔυΛ֮͑ͤ͞ΔͷͰΑ͍ɻ اۀͰಋೖ͢ΔͳΒIDaaSͱ͍͏ΩʔϫʔυͰ͍Ζ͍Ζग़ͯ·͢ɻ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ސ٬ͷIDج൫ͱ͔ηΩϡϦςΟͷࣄΛ͍࣮͕ͯͨ͋ͬͨ͠ • ͦͷ্ͰઌఔͷΤϏσϯεΛಥ͖͚ͭͯ • ਖ਼͍͠ύεϫʔυͷ͚ํͷߨशΛͨ͠ • ҎલͷϙϦγʔͷઃఆऀͷਓʹڠྗΛಘͯແࣄύεϫʔυͷఆ
ظߋ৽Λഇࢭ
ձࣾͷύεϫʔυϙϦγʔΛ ࡴͨ͠ • ҎલͷϙϦγʔมߋISMSೝূऔಘʹΑΔͷͩͬͨ • ISMSͷೝূج४ʹʮϕετɾϓϥΫςΟεʹै͑ʯͱ͔͠ॻ ͍͓ͯΒͣɺύεϫʔυఆظมߋΛཁٻ͍ͯ͠ΔΘ͚Ͱͳ͍ • ҰํPCI-DSSʹ໌ࣔ͞Ε͍ͯΔɻPCI-DSS͕ඞཁͳΒఘΊ· ͠ΐ͏
• ϙϦγʔಋೖͷࠜڌͷূ͕ͬͯͳ͍ͷʮʮʮҋʯʯʯ
None
·ͱΊ
ύεϫʔυͷ ఆظߋ৽Λ ഇࢭͤ͞Α͏
͍ύεϫʔυ Λ͚ͭΑ͏
ύεϫʔυϚωʔδϟʔ Λ͓͏
ϙϦγʔಋೖ࣌ʹ ٞͷաఔ ͪΌΜͱͦ͏
Questions?
ࢀߟURL • NIST SP800-63B ༁൛ - https:/ /openid-foundation- japan.github.io/800-63-3/sp800-63b.ja.html •
͋ͷύεϫʔυنଇɺ࣮ࣦഊ࡞ͩͬͨ @ THE WALLSTREET JOURNAL - http:/ /jp.wsj.com/articles/ SB12199000528276883842504583318883522596550 • ඪ४ॻʹݟΔʮύεϫʔυͷఆظతมߋʯͷྺ࢙(ॻ͖͔͚์ஔ) @ nilnilઐ༻νϥγͷཪ - http:/ /d.hatena.ne.jp/nilnil/ 20131220/1387546964