NI Home
Cart Cart | Help
Company Events Academic NI Developer Zone Support Solutions Products & Services Contact NI MyNI

Up to Documents in NI Developer Zone Community
Currently Being Moderated

Integrating Windows hashing functions into CVI

VERSION 5

Created on: Jan 10, 2007 10:23 AM by Roberto Bozzolo - Last Modified:  Sep 4, 2008 1:48 AM by Roberto Bozzolo

REQUIREMENTS:
Application Software: LabWindows/CVI Full Development System 7.1
Driver Software: NI-IMAQ for USB Cameras 1.0
Hardware Family: 5B
Add-on Software: IMAQ Vision for LabVIEW 8.6.1,8.6,8.5.1,8.5,8.2.1,8.2,8.0.1,8.0
Product Category: 5B Series
Development Topic: Acquiring User Input
Industry: Automotive
Application Type: Resistance
Technology: Java

Hashing functions are used to store passwords in a safe manner. Windows SDK includes functions for easily creating a hashed version of a string and this sample integrates these functions in a CVI project.

 

Storing a password on the system can be a dangerous task in case some user has the abilty to read back this information and by-pass the password security level.The usual solution for this problem is to apply some algorithm to the password text so that from the resulting string the original password cannot be obtained. This procedure is often called "hashing", where "hash algorithm" is a one-way function that generates a unique signature from an original string passed to it. Being one-way implies that there is no possibility to obtain the original text starting from the hashed output. A good hashing function implies also that there is no possibility of collisions (i.e. two different texts that produce the same hashed output).

Having a good hashing function reduces the problem of storing passwords anywere in the system to a procedure like this:

- Let the user input his password the first time

- Hash it and store the hashed text ("signature") on disk (e.g. in the system's registry)

- When the user needs to enter the system again, let him retype his password, hash it and check this hashed text with the signature already stored in the system: if they're the same, the password is correct so let the user come in.

 

The supplied project realizes these operations based on the Base Cryptographic Provider integrated in the Windows OS which, according to SDK documentation, "creates digital signatures that conform to the RSA Public-Key Cryptography Standard (PKCS) #6.". It relies on Crypt32.lib distributed with SDK library included in CVI (full): I do not know if this library and related APIs are included in the base version of CVI too. The attached sample has been realized with CVI 7.1; it has been tested with CVI 8.0.1 too without apparent problems.

 

Downloads:
Tags: labwindows, labwindows_cvi, cvi
Average User Rating
(0 ratings)
Comments (3)
Jan 11, 2007 8:56 PM
BetaCommunityContent  says:

Hashing algo

 

   What hashing algorithm does this use, and how does it compare to say sha-512?

             &n bsp; 
Jan 14, 2007 12:14 AM
BetaCommunityContent  says in response to BetaCommunityContent:

Hashing algo

 

As far as I can see in SDK documentation, it uses MD5 algorithm. Note that this sample uses some simplified commands included in the system: inside the library several low-level CryptoAPI functions are present with which you can use other algorithms. Look in SDK documentation for more reference.

             &n bsp; 
Jun 8, 2009 6:13 AM
KurtJakobsen KurtJakobsen  says:

I have an .Net (aspx) application that I want to share password with a CVI application (store hashed pwd in registry then typing the pwd in either .Net or CVI should give the same hashed pwd that can be compared with the one in registry).
But I have not been able to find hash functions that give the same hashed string in CVI and .Net.

I tried the CVI project supplied here. Apparently it uses MD5, but it does not give the same hashed string as .net give with the function pasted below.
CVI:
Input: test
Output: 3047692a864886f7d175a03a303821030c682a864886f7d25503013692a864886f7d171a0644746 5737441098f6bcd4621d373cade4e832627b4f6
.Net:
Input: test
Output: 9F7D8627E02F97CC5A52DCB2BA96038FE12F2A34B0FAC50E041359AE13D5EDE8A8A50562DA58BA7 916DA378E7343EF91E85EFBD6A0A70AB237ADA4C2274DF13D
Both the .Net and CVI functions have some parameters to play around with, but I do not know how to set them to provide the same output.
Is there anybody who have managed to compute the same hashed string from .net and CVI (does not need to be MD5,  anything that will provide a secure password checking will do)

using System.Security.Cryptography;
static public string GetCryptString(string str)
{
  Encoder enc = System.Text.Encoding.Unicode.GetEncoder();
  byte[] unicodeText = new byte[str.Length * 2];
  enc.GetBytes(str.ToCharArray(), 0, str.Length, unicodeText, 0, true);
  MD5 md5 = new MD5CryptoServiceProvider();
  byte[] result = md5.ComputeHash(unicodeText);
  StringBuilder sb = new StringBuilder();
  for (int i=0;i<result.Length;i++)
  {
    sb.Append(result[i].ToString("X2"));
  }
  string sRet = sb.ToString();
}

More Like This

  • Retrieving data ...

More by Roberto Bozzolo

View Roberto Bozzolo's profile

Legal

This content (includes attachments) has been made available by community members, whom are solely responsible for such content. National Instruments does not support this content, and does not guarantee its quality in any way. NATIONAL INSTRUMENTS MAKES NO WARRANTIES, EXPRESS, STATUTORY OR IMPLIED, WITH RESPECT TO THIS CONTENT, INCLUDING WITHOUT LIMITATION ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT OF INTELLECTUAL PROPERTY, OR ANY OTHER WARRANTIES THAT MAY ARISE FROM USAGE OF TRADE OR COURSE OF DEALING. For details regarding support of such content, please contact the author. For further legal information, please visit http://ni.com/legal/termsofuse/unitedstates/us/.