8th #渋谷java - Building an Authentication System with Java 8

KOMIYA Atsushi
September 20, 2014

Slides from my talk at the 8th #渋谷java (http://shibuya-java.connpass.com/event/8212/). The sample implementation is at https://gist.github.com/komiya-atsushi/6ffac79533c3bfad8bba.


Transcript

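  1. Common mistakes in bad authentication systems
     • Storing passwords in the DB as plaintext
     • Encrypting passwords with a reversible encryption algorithm
     • Hashing passwords with a homegrown hash function
     • Simply hashing passwords with SHA-1 or the like
     • Hashing password + a shared salt with SHA-1
     • Hashing password + a per-account salt generated with java.util.Random#nextBytes() with SHA-1
  2. Things to watch out for
     • Prepare a separate salt for each account
     • Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
       • /dev/random, /dev/urandom, etc.
     • Use a cryptographic hash function
  3. Things to watch out for
     • Prepare a separate salt for each account
     • Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
       • /dev/random, /dev/urandom, etc.
     • Use a cryptographic hash function
       • MD5, SHA-1, SHA-512, etc.
  4. Things to watch out for
     • Prepare a separate salt for each account
     • Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
       • /dev/random, /dev/urandom, etc.
     • Use a cryptographic hash function
       • MD5, SHA-1, SHA-512, etc.
     • Apply stretching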
  5. Java Cryptography Architecture Oracle Providers Documentation
     • Java 7 : http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
     • Java 8 : http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html
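  6. Implementations of cryptographically secure pseudorandom number generators
     • Present since Java 7 and earlier & supported on all platforms
       • SHA1PRNG
     • Java 8 and later & supported only on Solaris / Linux / OS X
       • NativePRNG
       • NativePRNGBlocking
       • NativePRNGNonBlocking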
  7. Stretching
     • Setting the iteration count
       • Note that it consumes CPU resources
       • It can become a means of DoS attack
     • Reference : 1Password
       • https://learn2.agilebits.com/1Password4/Security/PBKDF2-overview.html
       • Apparently 10,000 iterations
  8. Java 7:
     DES, DESede, PBEWithMD5AndDES, PBEWithMD5AndTripleDES, PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40, PBKDF2WithHmacSHA1

     Java 8:
     DES, DESede, PBEWithMD5AndDES, PBEWithMD5AndTripleDES, PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40, PBEWithSHA1AndRC2_128, PBEWithSHA1AndRC4_40, PBEWithSHA1AndRC4_128, PBKDF2WithHmacSHA1, PBKDF2WithHmacSHA224, PBKDF2WithHmacSHA256, PBKDF2WithHmacSHA384, PBKDF2WithHmacSHA512, PBEWithHmacSHA1AndAES_128, PBEWithHmacSHA224AndAES_128, PBEWithHmacSHA256AndAES_128, PBEWithHmacSHA384AndAES_128, PBEWithHmacSHA512AndAES_128, PBEWithHmacSHA1AndAES_256, PBEWithHmacSHA224AndAES_256, PBEWithHmacSHA256AndAES_256, PBEWithHmacSHA384AndAES_256, PBEWithHmacSHA512AndAES_256
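  10. Having written all of this, though...
     • Don't build your own authentication system
       • "餅は餅屋" (leave it to the specialists)
     • (I have never used them, but) wouldn't it be good to use something like Apache Shiro or Spring Security?
       • "Apache Shiro を使ってみた" ("I tried Apache Shiro") http://www.slideshare.net/chonaso/java-apache-shiro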
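  11. When grown-up circumstances force you to build your own authentication system
     • Build it with the following points firmly in mind
     • Prepare a separate salt for each account
     • Generate the salt with a cryptographically secure pseudorandom number generator (CSPRNG)
       • SecureRandom
     • Use a cryptographic hash function
       • PBKDF2WithHmacSHA*
     • Apply stretching
       • PBEKeySpec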
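  12. For details, see the URL below! http://www.smartnews.co.jp/recruit/
     • iOS engineer
     • Android engineer
     • Server-side engineer
     • Machine learning / natural language processing engineer
     • Web application engineer
     • Ads engineer
     • Growth hack engineer
     • Productivity engineer
     • Support engineer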