Comment Re:[shrug] (Score 2) 226
You know, we've been doing this for four years where I work. And yes, I know everyone here is going to espouse Truecrypt as the one true solution, but the simple fact is NASA is run as a corporation... as such they'll probably go for a solution that's vendor supported. The fact that they're NASA will probably mean they'll get a pretty decent price on the software too. Now, the downside of full-disk encryption (which many lazy corporations do instead of home directory only) is that it does increase the load on your system, slow it down and make recovery if/when it breaks a royal pain. Our helpdesk has an almost constant stream of laptops coming and going through their hands that they have to decrypt and re-encrypt because something got out of sync. Time consuming, and leads to downtime for the users. I've often suggested home folder only encryption... but the higher ups want it all encrypted... right up to the point that their laptop is down for two days because they've broken it. By the way, another horrible side effect of whole disk encryption is that our experience says that it'll kill SSD's pretty rapidly. Our average SSD life is less than a year at this point because there doesn't seem to be a good full-disk encryption software that properly implements TRIM... so spinning disk or hybrid disk is the way to go.
I run a Lenovo X220 with hardware accelerated AES on a Core I5. The increased load is NON-EXISTENT. Also if you run a SSD with sandforce controller (which compresses data), the performance will be poor, and the wear very high. I run a samsung 830 SSD. Fastest ssd for encrypted disks (does not compress data on the fly). Also, i use DiskCryptor. It does have TRIM enabled for encrypted disks.