Can someone explain to me why this is needed? General users don't have access to the stored electronic signiture. So wouldn't a code stored in plain text be reasonably secure? And for programmers who have access to the stored, encrypted string, they could use the encryption formula to run a dictionary attack and likely crack it.
So what is wrong with the simple hash formula we have? Kevin --- Lloyd Milligan <[EMAIL PROTECTED]> wrote: > It would be possible to perform the electronic > signature encryption using a > program written in another language and called from > within VistA. However, > it wouldn't be like PGP, which is a public-key > system. The MD5 message > digest algorithm (RFC 1321) was intended for digital > signature applications. > > Lloyd > > ----- Original Message ----- > From: "Nancy E. Anthracite" > <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, December 17, 2004 7:57 AM > Subject: Re: Fw: [Hardhats-members] How to set up > electronic signature. > > > > If C code can be put into M code with GTM, could > we use open source PGP > > type > > encryption for this wtihout having to rewrite it > in M? On the other hand, > > we > > have to put it into the Delphi end as well. Can > you shove C code into > > Delphi > > somehow? > > > > On Friday 17 December 2004 06:34 am, Lloyd > Milligan wrote: > >> Once again, my fingers found the "Send" hotkey > before I'd finished > >> replying. As I was saying, a modified version of > ^XUSHSH was released > >> that > >> includes a simple cipher. I believe this code > may have been intended as > >> a > >> placeholder for real encryption. It is easily > invertable and should not > >> be > >> used for an electronic signature. > >> > >> Lloyd > >> > >> ----- Original Message ----- > >> From: "Lloyd Milligan" <[EMAIL PROTECTED]> > >> To: <[EMAIL PROTECTED]> > >> Sent: Friday, December 17, 2004 6:27 AM > >> Subject: Re: [Hardhats-members] How to set up > electronic signature. > >> > >> > VA encryption code is not present in the public > release. Here is the > >> > FOIA version of ^XUSHSH - > >> > > >> > XUSHSH ;SF-ISC/STAFF - PASSWORD ENCRYPTION > ;3/23/89 15:09 ; > >> > ;;8.0;KERNEL;;Jul 10, 1995 > >> > ;; This is the public domain version of > the VA Kernel. > >> > ;; Use this routine for your own > encryption algorithm > >> > ;; Input in X > >> > ;; Output in X > >> > A Q > >> > EN(X) Q X > >> > > >> > > >> > However, a modified version, probably from > WorldVistA includes a simple > >> > invertable cipher at EN^XUSHSH. The tag line > reads - > >> > > >> > EN(X) ; generic hashing algorithm -- ASCII > encoding of string > >> > > >> > ----- Original Message ----- > >> > From: "Roy Gaber" <[EMAIL PROTECTED]> > >> > To: <[EMAIL PROTECTED]> > >> > Sent: Thursday, December 16, 2004 10:17 PM > >> > Subject: RE: [Hardhats-members] How to set up > electronic signature. > >> > > >> >> The encryption code should not be present in > the public release of > >> >> VistA. > >> >> > >> >> -----Original Message----- > >> >> From: > [EMAIL PROTECTED] > >> >> > [mailto:[EMAIL PROTECTED] > On Behalf Of > >> >> Kevin > >> >> Toppenberg > >> >> Sent: Thursday, December 16, 2004 9:02 PM > >> >> To: [EMAIL PROTECTED] > >> >> Subject: Re: [Hardhats-members] How to set up > electronic signature. > >> >> > >> >> Yes they were replaced. I know this, because > I want > >> >> to replace them in my site. I don't like the > >> >> requirements for upper and lower case, a > number and > >> >> punctation. I'm not completely sure, as I > write, if > >> >> it the encryption code that enforces this, or > the > >> >> input transform on the field. But I tracked > down the > >> >> module that does the encryption. Its not > terribly > >> >> complicated--but it will work. > >> >> > >> >> Kevin > >> >> > >> >> > >> >> > >> >> --- "Nancy E. Anthracite" > <[EMAIL PROTECTED]> > >> >> > >> >> wrote: > >> >>> I believe the encryption algorithms for the > >> >>> electronic signature codes and > >> >>> access and verify codes were removed. What > were > >> >>> they replaced with, if > >> >>> anything? > >> >>> > >> >>> > >> >>> On Thursday 16 December 2004 08:01 pm, Kevin > >> >>> > >> >>> Toppenberg wrote: > >> >>> > Found the answer (in the fine manual) > >> >>> > > >> >>> > You have to go into: TIU IRM MAINTENANCE > MENU, > >> >>> > >> >>> then > >> >>> > >> >>> > into TIU SET-UP MENU, then TIU BASIC > PARAMETER > >> >>> > >> >>> EDIT. > >> >>> > >> >>> > And there you select your institution and > then > >> >>> > >> >>> "YES" > >> >>> > >> >>> > to "ENABLE ELECTRONIC SIGNITURE" > >> >>> > > >> >>> > And hallajah, it now works. :-) > >> >>> > > >> >>> > Kevin > >> >>> > > >> >>> > > >> >>> > --- "Nancy E. Anthracite" > >> >>> > >> >>> <[EMAIL PROTECTED]> > >> >>> > >> >>> > wrote: > >> >>> > > Kevin, pure guesses, but did you give > your > >> >>> > >> >>> providers > >> >>> > >> >>> > > the ORES key for doc. > >> >>> > > The description of the key is: > >> >>> > > > >> >>> > > This key is given to users that are > authorized > >> >>> > >> >>> to > >> >>> > >> >>> > > write orders in the chart. > >> >>> > > Users with this key can verify with their > >> >>> > >> >>> electronic > >> >>> > >> >>> > > signature patient > >> >>> > > orders. This key is typically given to > licensed > >> >>> > > Physicians. Orders entered by > >> >>> > > users with this key can be released to > the > >> >>> > >> >>> ancillary > >> >>> > >> >>> > > service for immediate > >> >>> > > action. DO NOT give users both the ORES > key and > >> >>> > >> >>> the > >> >>> > >> >>> > > ORELSE key. > === message truncated === __________________________________ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Hardhats-members mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/hardhats-members
