LabVIEW

I was told that MD5 is contraindicated now due to security concerns, and that the new checksum VIs specifically exclude it for this reason.

Okay thanks for the response.  It is just add to me that it was flagged as deprecated but doesn't have a replacement.  I mean I get the motivation, but if I do need to take and actual MD5 of a file, then I guess I'll be using this older function.

Yeah, I guess it's just semantics. A replacement is provided, one that doesn't have the security flaws inherent in the original implementation.

Put another way, NI doesn't think you should use MD5 anymore, so we've provided this better way. If you still want to use MD5, we left the old VI around.

My co-worker (who is new to LabVIEW) just ID'd this problem to me, literally yesterday (new user = latest version, I'm still using 2019SP1).

I came away with the same conclusion - they REALLY don't want anyone to use MD5 for the vulnerability - though of course it's still there in the library for backwards compatibility.  Complete with red X and deprecation in the description.

Dave

From a security point of view MD5 is indeed outdated and insecure, but as a simple hash for fingerprinting a string or file for instance it's not really a big problem to use. I'm not really convinced that it would need such stringent measures.

A message on the front panel and a red exclamation mark in the icon would have been enough in my opinion 😁

Rolf Kalbermatter
My Blog

Yes, using MD5 to validate simple copy and paste of test data from a local computer to a server is still considerd a safe and valid way to use the checksum.

Perhaps less safe is to continue to use it for input files that our own engineers create, however going back and changing that for already released test files is not something thats going to happen.

A more nuanced solution would have been appriciated!

---

@Atola wrote:

Yes, using MD5 to validate simple copy and paste of test data from a local computer to a server is still considerd a safe and valid way to use the checksum.

Working in LV2020 and was looking for the the MD5 checksum to do this specifically.  I'm reading it's technically available, but do you have to have an older version of LabVIEW?  Cuz I don't see it anywhere.

It's still present in my LabVIEw 2020 installation under vi.lib\Utility\MD5Checksum.llb\MD5Checksum File.vi and vi.lib\Utility\MD5Checksum.llb\MD5Checksum String.vi. It's even in 2024 present under the same name but the LLB has been turned into a directory with the same name.

With a big red cross through the icon!

Rolf Kalbermatter
My Blog