Home Community Discussion Forums Most Active Software Boards LabVIEW Topic

LabVIEW

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

File Encryption

File Encryption

‎06-21-2005 09:43 AM

Hi, I have a password in a program that I allow the user to change. I do this by simply saving the password to file, then calling the password (when needed) from that file.

However, of course anyone can just go onto the hard drive and find the file, and steal the password.

I was curious if anyone has an idea of either how to encrypt the file, or a better way to store the password, or some ideas on how to make this app more secure?


Thanks,
Ryan (7.0)
Ryan

LV 7.1
0 Kudos
Message 1 of 22
(8,143 Views)
Reply

Re: File Encryption

‎06-21-2005 09:57 AM

You will love this 🙂

Cheers!
Ian F
Since LabVIEW 5.1... 7.1.1... 2009, 2010, 2014
依恩与LabVIEW
LVVILIB.blogspot.com
Message 2 of 22
(8,118 Views)
Reply

Re: File Encryption

‎06-21-2005 10:10 AM

You also need to worry what should happen if somebody deletes the file ;).

It really depends on your security requirements, bu you definiltey should not store any password in clear text. In fact, you don't need to store the password at all, just the result of some more or less one-way calculation given the password as input.
For example, you could XOR your password with some other known string, rotate the result by the value in the third digit, then take the MD5 of it and store that in the file (or in the registry using the registriy file tools). To verify the password, just see if you get the same result.

Have a look at this wikipedia entry for some other suggestions.
LabVIEW Champion.
Message 3 of 22
(8,116 Views)
Reply

Re: File Encryption

‎06-21-2005 11:37 AM

where are the registry tools located? my security does not have to be super high...just high enough so an average joe can't mess it up 😃

I am looking at this blowfish stuff...hopefully I can find a way to implement it.


The registry idea has really got my attention though, if I can save the password to and read from (and edit) the registry, that is what I would like to do.

Thanks again guys!

Ryan
Ryan

LV 7.1
Message 4 of 22
(8,106 Views)
Reply

Re: File Encryption

‎06-21-2005 11:41 AM

I found the registry tools.

I am going to play around with them a bit, if anyone has an example vi they have made of writing to the registry, then reading from the registry that would be great!

Ryan
Ryan

LV 7.1
0 Kudos
Message 5 of 22
(8,103 Views)
Reply

Re: File Encryption

‎06-21-2005 11:44 AM

There are two shipping examples Read From Windows Registry and Write to Windows Registry.
Message 6 of 22
(8,097 Views)
Reply

Re: File Encryption

‎06-21-2005 11:56 AM

Check Crypto-G.

Regards;
Enrique
www.vartortech.com
0 Kudos
Message 7 of 22
(8,092 Views)
Reply

Re: File Encryption

‎07-08-2005 01:06 PM - edited ‎07-08-2005 01:06 PM

Nevermind

Message Edited by AmanoGinji on 07-08-2005 01:07 PM

0 Kudos
Message 8 of 22
(8,034 Views)
Reply

Re: File Encryption

‎07-08-2005 10:11 PM

To expand on the idea altenbach gave, attached is a copy of a VI I wrote to implement the SHA1 (Secure Hash Algorithm 1). It is used extensively and provides a way of storing things without storing things--if you get my point. When the user creates the password (of any length!) you store away the SHA1 hash of the value (40 characters). To log in the operator enters their password and you again run the SHA1 algorithm against it and if the two hashes match they are in.

According to the RFC defining the algorithm, given a hash, it is "computationally unfeasible" to try and generate another string that produces the same hash.

Mike...


Certified Professional Instructor
Certified LabVIEW Architect
LabVIEW Champion

"... after all, He's not a tame lion..."

For help with grief and grieving.
View All (1)
Message 9 of 22
(8,020 Views)
Reply

Re: File Encryption

‎07-11-2005 05:43 AM


@mikeporter wrote:

According to the RFC defining the algorithm, given a hash, it is "computationally unfeasible" to try and generate another string that produces the same hash.

Mike...


I few years ago they said that about MD5 as well :Smiley Surprised. Nowadays MD5 can only be considered to keep out the curious but definitely isn't a good algorithme to encrypt passwords in high security environments. And dictonary attacks are still a very effective way of cracking even the most complex umptien hundred bits hash encryptions if you have access to the hashs. It is a well known secret that passwords are typically chosen such that they are easily to remember, which most times means not hard to crack.

Rolf Kalbermatter
Rolf Kalbermatter  My Blog
DEMO, Electronic and Mechanical Support department, room 36.LB00.390
Message 10 of 22
(7,995 Views)
Reply