Changes between Version 15 and Version 16 of security/electronic_signatures


Ignore:
Timestamp:
Mar 1, 2013, 4:47:33 PM (11 years ago)
Author:
Sam Habiel
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • security/electronic_signatures

    v15 v16  
    303303
    304304=== Impact of the new hashing algorithm ===
    305 Replacement of the Hash algorithm presents no foreseable problems. The maximum length of the output of the new hash is identical to the maximum length of the old. You only need to ensure that at the time of installing the new hash you convert the old unencrypted electronic signatures into the hashed form so that the user's electronic signatures will continue working.
     305Replacement of the Hash algorithm presents no foreseeable problems. The maximum length of the output of the new hash is identical to the maximum length of the old. You only need to ensure that at the time of installing the new hash you convert the old unencrypted electronic signatures into the hashed form so that the user's electronic signatures will continue working.
    306306
    307307=== Impact of the new encryption algorithm ===
    308308This area is far more problematic for two reasons: the output of the hash is random data (which Fileman cannot store, as it cannot store bytes which MUMPS considers to be control characters), and with block ciphers input is padded to achieve block size. Both of these issues mean that to achieve proper encryption, you will need to base64 encode output from a block cipher so the result can be stored in Fileman. In the end, it means that the encrypted data is much longer than the original data (but not quite double the size). This means that we need to expand the Fileman fields where the encrypted data is stored. The KIDS file accompanying this article expands the 4 TIU fields that store encrypted data to 120 characters each from 60 characters. It's anticipated that other fields (especially field 10 in File 74) will need to be expanded depending on the number of packages you are using. The alternative is to change the encryption algorithm to something much weaker (even rot5) to be able to retain the current sizes.
    309309
    310 The following is an analysis of all the impacted area in VISTA:
     310The following is an analysis of all the impacted areas in VISTA:
    311311{{{
    312312r/DVBCHLUT.m: D EN^XUSHSHP
     
    429429* Convert the unencrypted data in the fields that are supposed to be
    430430encrypted to encrypted using the encryption algorithm.
    431 * Expand the fields that will store the encrypted data as encrypted data
     431* Expand the fields that will store the encrypted data, as encrypted data
    432432is typically 75% larger.
    433433