Category:Disk Encryption

JHU requires that anyone who stores "sensitive information" on their laptop must ensure that information is encrypted. This includes, among other things, financial data, student records, employment records, social security numbers, other personally identifiable information (PII), and certain research data involving human subjects.

Sensitive information might come from a variety of sources, including email sent to you. Consequently, we recommend that every computer used for Department work (administrative, class-related, research, or other) make use of full-disk encryption, especially if that computer ever resides in an unsecured environment (e.g. a laptop you ever take out of your office, or a desktop located in a room to which multiple people have access).

Whiting School's central IT group (WSE) has put together an overview of JHU's disk encryption requirements at: http://wseit.engineering.jhu.edu/get-help/computer-hard-drive-encryption

Some guidance for implementing full-disk encryption on various systems on the following pages:

Disk Encryption Passphrases

  • The passphrase for your disk should be something long enough that it cannot be guessed, even by a determined computer, but ideally something that you can remember.
  • Your passphrase should not be the same as your everyday password for your computer. (It's okay to use the same passphrase for your disk encryption and your root/administrator account, assuming that you primarily use sudo or similar privilege escalation tools rather than su (or logging in as root/administrator) to work with administrative permissions.)
  • If you need to write your passphrase down to remember it, keep it somewhere safe (e.g. your wallet) and protect it in the same way that you would protect the key to your office or home. Do not store it anywhere near your computer.

One method for generating long but reasonably memorable passphrases is Diceware.

Pages in category "Disk Encryption"

This category contains only the following page.