[beowulf_cluster]

Regarding 3: The encryption scheme we put into place probably isn't going to slow down a motivated actor. We have master decryption passphrases that are regularly disseminated among the admins and could foreseeably end up in the wild (if nothing else, it wouldn't be difficult to social engineer).

And recently, we've started transitioning to new encryption software. Our implementation of the software prohibits more than one encryption passphrase per machine. So, in order to share machines between employees, organizations have begun sharing the same passphrase across all the organization's machines.

Source: HPES employee working on NASA ACES contract