Getting Started with Encryption

Faculty/Staff Note: Before you begin, it is extremely important that you notify your departmental IT provider because they will want to be involved in this process and can potentially make things easier for you.

What Encryption Should I Use?

The answer to this question depends on your computer's type and your operating system. Refer to the chart below to see what form of disk encryption you should be using. There are third-party products that provide full disk encryption on multiple platforms; these are not discussed here, but a few have been listed in the additional resources.

 

Operating System            Encryption Method
Windows 2000 Professional   TrueCrypt
Windows XP SP2              TrueCrypt
Windows Vista               BitLocker*, TrueCrypt
Mac OS 10.3 or Greater      FileVault
USB Devices, Linux          TrueCrypt

*When using Windows Vista, ITS recommends BitLocker instead of TrueCrypt.

 

 

 

BitLocker

BitLocker is a form of encryption that comes with Windows Vista. BitLocker protects your files by using something called Full Volume Encryption. By encrypting the entire hard drive, Vista is able to provide a much higher level of security against offline attacks. While this protects the data from offline attacks, once Windows has started BitLocker has already done all of the protection it can do. BitLocker also uses the University of Iowa's Active Directory system to store keys and help manage your computer's protection.

 

FileVault

FileVault is a form of encryption that comes with Mac OS X v10.3 and later. FileVault works by providing encryption for a user’s home directory and encrypting the user’s files on the fly. FileVault uses the 128-bit AES algorithm and makes the key for this data based on the user’s password. FileVault also has a master password to help you get to your files in case your password is lost. Unfortunately, FileVault cannot be integrated with Active Directory, so recovery options are limited to the Master Password.

 

TrueCrypt

TrueCrypt is an open-source, on-the-fly encryption program that works on Linux and Windows 2000 and later. TrueCrypt creates what’s called a “file-hosted container”, an encrypted volume inside a regular file that can be mounted as an actual disk. The fact that it can create its own containers and has a travel mode makes this a very useful tool when encrypting USB devices like flash drives. TrueCrypt cannot be integrated with Active Directory and there is no master password of any sort, so it is very important to keep a backup of the encryption key.

 

 


Last Updated: 04/24/2008

Copyright © 2008, The University of Iowa, all rights reserved.