Sam Habiel
sam.habiel@vistaexpertise.net
+Sam Habiel on Google+.
Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries).
--
Obfuscate data for sending to another entity with the intention of defeating interception.
- Symmetric
- Asymmetric
--
Irreversibly convert data to a short "digest".
Typical Uses
- Message Authentical Code (MAC)
--
Combination of encryption and hashing send along with an encrypted document to assert to the decrypter that the decrypted document is authentic.
--
- Oopssie... This is actually an encryption.
--
XUSHSH
--
The VA XUSHSH runs an loop on some pre-defined garbage text based on the position and ascii value of an input character. After each character, the hash is partially discarded and the next part is used as an Input Vector for the next character hash. Actual output can never be traced back to an input because of the lossy character of the operation. I.e. it is a real hash.
--
EN(X) ; GENERIC HASHING ENCRYPTION -- USES ASCII ENCODING
N %HASH S %HASH=""
N %CHAR
F %CHAR=1:1:$L(X) D
. I %CHAR#2 S %HASH=$A(X,%CHAR)_%HASH
. E S %HASH=%HASH_$A(X,%CHAR)
Q %HASH
"Hashing encryption" is an oxymoron.
--
W $$MAIN^XUMF5BYT($$HEX^XUMF5AU($$MD5R^XUMF5AU("The quick fox")))
--
If nothing else, they are excellent to see how to implement bit twiddling in M.
--
There are three areas where VISTA encrypts data:
--
NOT! Electronic Signature (!??@$@%%*)
Uses a Caesar cipher: character replacement.
--
ENCRYP(S) ;RWF 2/5/96
N %,ASSOCIX,IDIX,ASSOCSTR,IDSTR
S ASSOCIX=$R(20)+1 ;get associator index
F S IDIX=$R(20)+1 Q:ASSOCIX'=IDIX ;get different identifier index
S ASSOCSTR=$P($T(Z+ASSOCIX),";",3,9) ;get associator string
S IDSTR=$P($T(Z+IDIX),";",3,9) ;get identifier string
;translated result
Q $C(IDIX+31)_$TR(S,IDSTR,ASSOCSTR)_$C(ASSOCIX+31)
;
--
Problems?
--
Input transforms on several fields encrypts them upon storage.
Output transforms decrypt them.
--
1503 SIGNATURE BLOCK NAME
1504 SIGNATURE BLOCK TITLE
1509 COSIGNATURE BLOCK NAME
1510 COSIGNATURE BLOCK TITLE
IT: S X=$$ENCRYPT^TIULC1(X,1,
$$CHKSUM^TIULC("^TIU(8925,"_+DA_",""TEXT"")"))
K:$L(X)>120!($L(X)<3) X
OT: S Y=$$DECRYPT^TIULC1(Y,1,
$$CHKSUM^TIULC("^TIU(8925,"_$S(+$G(DA):+DA,+$G(D0):+D0,1:"")
_",""TEXT"")"))
--
CHKSUM^TIULC
CHKSUM(TIUROOT,TIUY) ; Calculates checksum for a record¬
N TIUI,X S TIUI=0,TIUY=+$G(TIUY)¬
F S TIUI=$O(@TIUROOT@(TIUI)) Q:+TIUI'>0 D¬
. S X=$G(@TIUROOT@(TIUI,0))¬
. N TIUJ¬
. F TIUJ=1:1:$L(X) S TIUY=+$G(TIUY)+(($A(X,TIUJ)*TIUI)*TIUJ)¬
S TIUI=0¬
F S TIUI=$O(^TIU(8925,"DAD",+$P(TIUROOT,",",2),TIUI)) Q:+TIUI'>0 D¬
. I +$$ISADDNDM^TIULC1(+TIUI) Q¬
. S TIUY=+$G(TIUY)+$$CHKSUM("^TIU(8925,"_+TIUI_",""TEXT"")",TIUY)¬
Q +$G(TIUY)¬
--
ENCRYPT(X,X1,X2) ; Encrypt Text Strings
D EN^XUSHSHP
Q X
--
So...
This is good encryption. It uses an IV of the checksum of the document.
If the document is changed, the decryption will fail.
--
/es/ DOCTOR MCDUCK, MD
ENT PHYSICIAN
Signed: 02/27/2013 09:34
vs
/es/ lks&*(*% *(*&@#$*&
A#@^*(ssDASDF
Signed: 02/27/2013 09:34
vs (AES CBC w/ 256 bit blocks)
/es/ bad decrypt
bad decrypt
Signed: 02/27/2013 09:34
--
--
- Issue Date, Patient Name, Patient Address, Detox #
- Prov Name, Prov Add, DEA #
- Drug Name, Quantity, Directions
--
- RPC ORWOR1 SIG
- Order #, hash, sig length, "100", DUZ,
- sig as array of 240 bytes each, CRL URL, DFN
--
- Send Rx Data
- Send signature
- Encrypted Hash of Hash
- Original Hash
- Public Key
--
--
--
What's the incentive to secure VISTA?
- Most privacy breaches in healthcare (and those patients care about) are to ones who know them or who may care about them.
- Strengthening security doesn't really help that much with that.
- DOD, diplomatic, senior civil servants?