LabVIEW

I was told that MD5 is contraindicated now due to security concerns, and that the new checksum VIs specifically exclude it for this reason.

Okay thanks for the response.  It is just add to me that it was flagged as deprecated but doesn't have a replacement.  I mean I get the motivation, but if I do need to take and actual MD5 of a file, then I guess I'll be using this older function.

Yeah, I guess it's just semantics. A replacement is provided, one that doesn't have the security flaws inherent in the original implementation.

Put another way, NI doesn't think you should use MD5 anymore, so we've provided this better way. If you still want to use MD5, we left the old VI around.

My co-worker (who is new to LabVIEW) just ID'd this problem to me, literally yesterday (new user = latest version, I'm still using 2019SP1).

I came away with the same conclusion - they REALLY don't want anyone to use MD5 for the vulnerability - though of course it's still there in the library for backwards compatibility.  Complete with red X and deprecation in the description.

Dave

From a security point of view MD5 is indeed outdated and insecure, but as a simple hash for fingerprinting a string or file for instance it's not really a big problem to use. I'm not really convinced that it would need such stringent measures.

A message on the front panel and a red exclamation mark in the icon would have been enough in my opinion 😁

Rolf Kalbermatter
My Blog

Yes, using MD5 to validate simple copy and paste of test data from a local computer to a server is still considerd a safe and valid way to use the checksum.

Perhaps less safe is to continue to use it for input files that our own engineers create, however going back and changing that for already released test files is not something thats going to happen.

A more nuanced solution would have been appriciated!