Quasi-Encryption--Will This Work?

DJDDA · ‎11-30-2007

I need a program to save variables between runs, but I'm trying to keep users from getting to said variables without a password. The VI posted here is a sub VI which will be used when the user has entered the password correctly in the program.

I don't really know anything about the functionality of various file types, so I'm wondering whether the code posted here is safe and effective. Basically, the idea is to write to a file type that isn't usually valid and thus can't normally be read.

This *seems* to work, except for a password string which is readable in notepad (via "Open With...") and thus will have to be encrypted somehow, but I want to make sure that I'm not creating problems that I'm not aware of.

Edit: This is NOT supposed to be a complete sub VI, I just want to know whether this file action works before I finish the program.

Message Edited by DJDDA on 11-30-2007 05:20 PM

smercurio_fc · ‎11-30-2007

What you are doing has nothing to do with encryption since you're not encrypting anything. All that you're doing is writing a cluster our to a file. It gets written out in binary format, and the extensions is irrelevant. Anybody with a little time and patience will be able to parse the file. altenbach is very good at this sort of thing.

It's not clear what you are doing. I know what the VI is doing, I just don't know what you're doing. You said that the VI is used when a user enters a password correctly in the program. What does this mean? Are you saying you have a some button someplace on your front panel that pops up a dialog to request a password and if the user enter the password correctly then it will display the contents of the file? If so, what are you trying to encrypt? The data, or the password, or both?

F._Schubert · ‎12-02-2007

If you want to encrypt the password (or all of the data), you can use the blowfish implementation:

http://zone.ni.com/devzone/cda/epd/p/id/3473

Felix

DJDDA · ‎12-03-2007

"It's not clear what you are doing."

Ah, sorry.

The main VI will be used to run instrumentation remotely. Many behind-the-scenes features of this main VI--such as the addresses of the actual devices--is hidden from view and password-protected. The intention is to prevent users from inadvertently throwing inaccuracies into the feedback or breaking the communication lines (and, in one case, to prevent damage to the devices).

The point of obfuscating the settings file is to slow down people who think that they know what's going on better than the administrators do--we don't want them to decide, "well, I think this probably needs to be changed, and I don't feel like dealing with my superiors, so I'm just going to look up the password and change stuff without telling anyone."

Someone who *really* wants to throw a monkey wrench into the process could still sit down, sort things out, and make a mess, but then (1) we've clearly got problems between chair and keyboard that need dealt with and (2) the administrators can just reinstall the program from scratch to fix things, if no simpler solution is available.

We're not worried about data loss or confidentiality at all at this point.

F._Schubert · ‎12-03-2007

For that intention, any way of obfuscating the password will do. But the blowfish implementation I posted the link to above is a safe and easy (it's just download and use the vi, maybe you want get rid of the zipping dll) way to go.

Felix

DJDDA · ‎12-03-2007

Thank you. I'll do that.

LabVIEW

Quasi-Encryption--Will This Work?

Quasi-Encryption--Will This Work?

Re: Quasi-Encryption--Will This Work?

Re: Quasi-Encryption--Will This Work?

Re: Quasi-Encryption--Will This Work?

Re: Quasi-Encryption--Will This Work?

Re: Quasi-Encryption--Will This Work?