Chun-Sheng Li
Associate software engineer
Taipei, Taiwan
Actions
I started my career by developing a web-based sport contests information system at university.
At the same time, I ran my own blog on WordPress and enjoyed the setup and configuration steps. Since then, I've been learning new technologies and developing different web-based services. Web security is another area that I'm interested in and I've always tried to make my applications as secure as possible.
I'm also keen on contributing to open-source projects on GitHub and have been involved in a number of active projects so far. If I don't code, I share my experience and development tips on my blog.
Links
Area of Expertise
Topics
Getting started with securing the passwords!
Firstly, this is about a true story.
Back to the 2018, I was a fresh man at my company and I got a web application projects. This projects are developed since 2016.
It's not old. When I started researching these projects, I'm surprised that it uses the MD5 to hash passwords.
I ask original developers who wrote this code why using this approach to hash password, and I got answer: "Many developers use this in the most of web application projects."
Wait, seriously? I just hope I'm wrong to hear this answer.
Nowadays, we know that the MD5 will be the collision and it's possible to crack the hash result to get the plain texts.
In this talk, I introduce to the password hashing, including password_hash function and sodium function usages.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top