Now if I understand correctly, dictionary attacks are for people with bad 
passwords, right? ;-)

In a hospital setting with a bunch of programmers and a narcotic prescription 
writing physician on staff signing scripts electronically,  that doctor would 
sure want there to be tight encryption, especially if that doctor were me, 
and likely the programmers would want it too, for their protection. If you 
haven't had a narcotic prescription written in your name yet, give it time.  

On Friday 17 December 2004 10:01 am, Kevin Toppenberg wrote:
> Can someone explain to me why this is needed?  General
> users don't have access to the stored electronic
> signature.  So wouldn't a code stored in plain text be
> reasonably secure?  And for programmers who have
> access to the stored, encrypted string, they could use
> the encryption formula to run a dictionary attack and
> likely crack it.
>
> So what is wrong with the simple hash formula we have?
>
> Kevin
>
> --- Lloyd Milligan <[EMAIL PROTECTED]> wrote:
> > It would be possible to perform the electronic signature encryption
> > using a program written in another language and called from within
> > VistA.  However, it wouldn't be like PGP, which is a public-key system.
> > The MD5 message digest algorithm (RFC 1321) was intended for digital
> > signature applications.
> >
> > Lloyd
> >
> > ----- Original Message -----
> > From: "Nancy E. Anthracite" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, December 17, 2004 7:57 AM
> > Subject: Re: Fw: [Hardhats-members] How to set up electronic signature.
> >
> > > If C code can be put into M code with GTM, could we use open source PGP
> > > type encryption for this without having to rewrite it in M?  On the
> > > other hand, we have to put it into the Delphi end as well.  Can you
> > > shove C code into Delphi somehow?
> > >
> > > On Friday 17 December 2004 06:34 am, Lloyd Milligan wrote:
> > >> Once again, my fingers found the "Send" hotkey before I'd finished
> > >> replying. As I was saying, a modified version of ^XUSHSH was released
> > >> that includes a simple cipher.  I believe this code may have been
> > >> intended as a placeholder for real encryption.  It is easily invertible
> > >> and should not be used for an electronic signature.
> > >>
> > >> Lloyd
> > >>
> > >> ----- Original Message -----
> > >> From: "Lloyd Milligan" <[EMAIL PROTECTED]>
> > >> To: <[EMAIL PROTECTED]>
> > >> Sent: Friday, December 17, 2004 6:27 AM
> > >> Subject: Re: [Hardhats-members] How to set up electronic signature.
> > >>
> > >> > VA encryption code is not present in the public release.  Here is the
> > >> > FOIA version of ^XUSHSH -
> > >> >
> > >> > XUSHSH   ;SF-ISC/STAFF - PASSWORD ENCRYPTION ;3/23/89  15:09 ;
> > >> >         ;;8.0;KERNEL;;Jul 10, 1995
> > >> >         ;; This is the public domain version of the VA Kernel.
> > >> >         ;; Use this routine for your own encryption algorithm
> > >> >         ;; Input in X
> > >> >         ;; Output in X
> > >> > A        Q
> > >> > EN(X)    Q X
> > >> >
> > >> >
> > >> > However, a modified version, probably from WorldVistA includes a simple
> > >> > invertible cipher at EN^XUSHSH.  The tag line reads -
> > >> >
> > >> > EN(X) ; generic hashing algorithm -- ASCII encoding of string
> >
> > >> > ----- Original Message -----
> > >> > From: "Roy Gaber" <[EMAIL PROTECTED]>
> > >> > To: <[EMAIL PROTECTED]>
> > >> > Sent: Thursday, December 16, 2004 10:17 PM
> > >> > Subject: RE: [Hardhats-members] How to set up electronic signature.
> > >> >
> > >> >> The encryption code should not be present in the public release of
> > >> >> VistA.
> > >> >>
> > >> >> -----Original Message-----
> > >> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin
> > >> >> Toppenberg
> > >> >> Sent: Thursday, December 16, 2004 9:02 PM
> > >> >> To: [EMAIL PROTECTED]
> > >> >> Subject: Re: [Hardhats-members] How to set up electronic signature.
> > >> >>
> > >> >> Yes they were replaced.  I know this, because I want
> > >> >> to replace them in my site.  I don't like the
> > >> >> requirements for upper and lower case, a number and
> > >> >> punctuation.  I'm not completely sure, as I write, if
> > >> >> it is the encryption code that enforces this, or the
> > >> >> input transform on the field.  But I tracked down the
> > >> >> module that does the encryption.  It's not terribly
> > >> >> complicated--but it will work.
> > >> >>
> > >> >> Kevin
> > >> >>
> > >> >>
> > >> >>
> > >> >> --- "Nancy E. Anthracite" <[EMAIL PROTECTED]> wrote:
> > >> >>> I believe the encryption algorithms for the
> > >> >>> electronic signature codes and
> > >> >>> access and verify codes were removed.  What were
> > >> >>> they replaced with, if anything?
> > >> >>>
> > >> >>>
> > >> >>> On Thursday 16 December 2004 08:01 pm, Kevin Toppenberg wrote:
> > >> >>> > Found the answer (in the fine manual)
> > >> >>> >
> > >> >>> > You have to go into: TIU IRM MAINTENANCE MENU, then
> > >> >>> > into TIU SET-UP MENU, then TIU BASIC PARAMETER EDIT.
> > >> >>> >
> > >> >>> > And there you select your institution and then "YES"
> > >> >>> > to "ENABLE ELECTRONIC SIGNITURE"
> > >> >>> >
> > >> >>> > And hallelujah, it now works.  :-)
> > >> >>> >
> > >> >>> > Kevin
> > >> >>> >
> > >> >>> >
> > >> >>> > --- "Nancy E. Anthracite" <[EMAIL PROTECTED]> wrote:
> > >> >>> > > Kevin, pure guesses, but did you give your providers
> > >> >>> > > the ORES key for doc.
> > >> >>> > > The description of the key is:
> > >> >>> > >
> > >> >>> > > This key is given to users that are authorized to
> > >> >>> > > write orders in the chart.
> > >> >>> > > Users with this key can verify with their electronic
> > >> >>> > > signature patient
> > >> >>> > > orders. This key is typically given to licensed
> > >> >>> > > Physicians. Orders entered by
> > >> >>> > > users with this key can be released to the ancillary
> > >> >>> > > service for immediate
> > >> >>> > > action. DO NOT give users both the ORES key and the
> > >> >>> > > ORELSE key.
>
> === message truncated ===
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://productguide.itmanagersjournal.com/
> _______________________________________________
> Hardhats-members mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/hardhats-members

-- 
Nancy Anthracite
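
An added example, not part of the original thread and not VistA or WorldVistA code: it contrasts an invertible ASCII encoding of the kind described for the modified EN^XUSHSH (a constructed stand-in, since that routine's body is not shown in the thread) with a salted, deliberately slow one-way derivation using PBKDF2-HMAC-SHA256. The function names, the storage format, the sample code and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; raise it as far as the hardware allows


def ascii_encode(code: str) -> str:
    """Constructed stand-in for an 'ASCII encoding of string' cipher (ASCII input only)."""
    return "".join(f"{ord(ch):03d}" for ch in code)


def ascii_decode(stored: str) -> str:
    """No key is involved, so reading the stored value is enough to recover the code."""
    return "".join(chr(int(stored[i:i + 3])) for i in range(0, len(stored), 3))


def protect(code: str, salt: Optional[bytes] = None) -> str:
    """Keep the salt and work factor beside a slow, salted, one-way digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", code.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(code: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", code.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    sample = "Rx-Sign#2004"  # constructed sample signature code
    print("encoding round-trips:", ascii_decode(ascii_encode(sample)) == sample)
    first, second = protect(sample), protect(sample)
    print("same code, different stored values:", first != second)
    print("correct code verifies:", verify(sample, first))
    print("wrong code rejected:", not verify("rx-sign#2004", first))
```

The per-user salt means two physicians with the same code get different stored values, and the iteration count sets the cost of every guess for anyone holding the stored string.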

