Government Conclusion: Irish Bloodbank Did Not Breach Data Protection Act Because Laptop Encryption Was Used.
Irish Blood Transfusion Services did not breach the Data Protection Act when their donors’ information got stolen earlier this month. Or rather, when the laptop containing their donors’ information was stolen.
The Data Protection Commission found “…that the encryption in place on the laptop was sufficient to ensure that there is only the remotest of possibilities of access taking place to the personal data in question.”
Plus, they also investigated to make sure that the usernames and passwords to decipher the encrypted information were not stolen along with the laptop. Verifying that the keys were not, say, written on a Post-it and stuck to the bottom of the device, I assume.
So, how remote are the possibilities of someone breaking the encryption? Well, it depends on two factors: the strength of the encryption key itself and the strength of the passwords. The encryption key is what is actually used to scramble the information on the laptop. The longer the key, the harder it is to break the encryption—and this difficulty increases on an exponential basis. That is, the difference between 128-bit encryption and 256-bit encryption is 2^128 vs. 2^256 possible keys, and both are available in AlertBoot, as well as stronger forms such as 1024-bit encryption. According to some calculations, going through all possible key combinations to find the correct one would take anywhere from at least a couple of centuries to until the universe becomes a cold mass, even with all the processing power found in the world right now dedicated to finding it—including supercomputers.
This is why people trying to hack into encrypted systems try to find other ways of doing it. The easiest? Try to figure out the password. This is why a lot of emphasis is placed on alerting end users to select a strong password.
A strong password is not only long; it has to be as random as possible. The importance of the randomness lies in the fact that one of the methods employed in cracking passwords is to use a dictionary. A computer is employed to read words from a dictionary, try each one as a password, and see if it grants access. If not, a new word is selected from the list and the process is repeated. When you consider that computers can go through this process with extreme speed, it makes sense not to use a simple word as your password. This also extends to reversing the spelling of words, since it doesn’t take much time for a computer to reverse words and give those a try. Combining two or more words that normally wouldn’t be combined (such as a dioxin-parasol-kielbasa) would be better; and yet, passwords built this way are still only a matter of time away from being broken.
The point is to make passwords so random that a hacker is faced with either guessing with randomly generated passwords (a poor chance of success) or going through every possible combination using the alphabet. Or, you could also decide to use AlertBoot encryption services for your laptop security. One of the features in AlertBoot is limiting the number of wrong username/password tries. For example, if the limit is set at seven, you only have seven chances to supply the correct credentials. Once over that limit, it doesn’t matter that you supplied the correct username and password—you’re locked out until you call for help; only when your identity has been verified will access be given to your machine.
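To put numbers on the password advice above, here is an added example (not part of the original post and not AlertBoot code) of a password audit check in Python: it reports how small the guess space becomes when a password is a dictionary word, a reversed word, or a combination of words, compared with a random string. The wordlist is a constructed sample, the 100,000-word dictionary size is an assumption, and all function names are hypothetical.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large dictionary.
WORDS = {"dioxin", "parasol", "kielbasa", "password", "dragon", "monkey"}
ASSUMED_DICT_SIZE = 100_000  # assumption: size of the wordlist being tried
SEPARATORS = "-_ ."


def split_into_words(text, words=WORDS):
    """Return the fewest dictionary words (forward or reversed) that spell
    `text`, or None if it cannot be built from the wordlist."""
    best = [None] * (len(text) + 1)  # best[i] = fewest words covering text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            piece = text[start:end]
            if best[start] is not None and (piece in words or piece[::-1] in words):
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(text)]


def charset_size(password):
    """Size of the alphabet an exhaustive search would have to cover."""
    size = 0
    for group in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in group for c in password):
            size += len(group)
    return size or 1  # avoid log2(0) for empty or non-ASCII input


def guess_space_bits(password):
    """Upper bound, in bits, on the guesses needed under the cheapest strategy."""
    stripped = "".join(c for c in password.lower() if c not in SEPARATORS)
    parts = split_into_words(stripped)
    brute = len(password) * math.log2(charset_size(password))
    if parts:
        # Each slot holds any word, forward or reversed: 2 * dictionary size.
        dictionary = len(parts) * math.log2(2 * ASSUMED_DICT_SIZE)
        return min(dictionary, brute), f"{len(parts)} dictionary word(s)"
    return brute, "no dictionary structure found"
```

Under these assumptions a single word, reversed or not, is worth under 18 bits and the three-word example about 53 bits, while a 23-character random string drawn from all printable ASCII classes exceeds 128 bits.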