Windows 10: Change BitLocker Encryption Method and Cipher Strength in Windows 10

Discus and support Change BitLocker Encryption Method and Cipher Strength in Windows 10 in Windows 10 Tutorials to solve the problem; How to: Change BitLocker Encryption Method and Cipher Strength in Windows 10 How to Set Default BitLocker Encryption Method and Cipher Strength in... Discussion in 'Windows 10 Tutorials' started by Yasak Hayat, Dec 13, 2016.

  1. Change BitLocker Encryption Method and Cipher Strength in Windows 10


    How to: Change BitLocker Encryption Method and Cipher Strength in Windows 10

    How to Set Default BitLocker Encryption Method and Cipher Strength in Windows 10


    You can use BitLocker Drive Encryption to help protect your files on an entire drive. BitLocker can help block hackers from accessing the system files they rely on to discover your password, or from accessing your drive by physically removing it from your PC and installing it in a different one. You can still sign in to Windows and use your files as you normally would.

    New files are automatically encrypted when you add them to a drive that uses BitLocker. However, if you copy these files to another drive or a different PC, they're automatically decrypted.

    BitLocker can encrypt the drive Windows is installed on (the removable data drive (such as an external hard drive or USB flash drive).

    Windows 10 (version 1511) introduces a new disk encryption mode (XTS-AES). This mode provides additional integrity support, but is not compatible with older versions of Windows.

    You could also select to use disk encryption Compatible mode (AES-CBC) that is compatible with older versions of Windows. If you're encrypting a removable drive that you're going to use on an older version of Windows, you should use AES-CBC.

    Both BitLocker Drive Encryption modes above support using 128-bit or 256-bit cipher strength.

    Windows 10 uses XTS-AES 128 bit by default for operating system drives as well as fixed data drives, and uses AES-CBC 128 bit by default for removable data drives.

    This tutorial will show you how to set a default encryption method (XTS-AES or AES-CBC) and cipher strength (128 bit or 256 bit) you want used by BitLocker in Windows 10.

    *Warning You must be signed in as an administrator to be able to choose drive encryption method and cipher strength.

    *note BitLocker Drive Encryption is only available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions.

    *note The BitLocker encryption method and cipher strength you set as default is only applied when you turn on BitLocker for a drive. Any changes you make will not affect a drive already encrypted by BitLocker unless you turn off Bitlocker for the drive and turn on BitLocker for it again.


    CONTENTS:
    • Option One: Set Default BitLocker Drive Encryption Method and Cipher Strength in Local Group Policy Editor
    • Option Two: Set Default BitLocker Drive Encryption Method and Cipher Strength in Registry Editor





    OPTION ONE [/i] Set Default BitLocker Drive Encryption Method and Cipher Strength in Local Group Policy Editor
    1. Open the Local Group Policy Editor.

    2. In the left pane of Local Group Policy Editor, navigate to the location below. (see screenshot below)
    *Arrow Computer Configuration/Administrative Templates/Windows Components/BitLocker Drive Encryption


    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]

    3. In the right pane of BitLocker Drive Encryption in Local Group Policy Editor, double click/tap on the Choose drive encryption method and cipher strength (Windows 10 (Version 1511) and later) policy to edit it. (see screenshot above)

    4. Do step 5 (default) or step 6 (choose) below for what you would like to do.


    5. To Use Default BitLocker Drive Encryption Method and Cipher Strength
    A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below. (see screenshot below)

    *note Not Configured[/B] is the default setting.

    6. To Choose BitLocker Drive Encryption Method and Cipher Strength
    A) Select (dot) Enabled, select the encryption method you want for operating system drives, fixed data drives, and removable data drives, click/tap on OK, and go to step 7 below. (see screenshot below)


    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]

    7. When finished, you can close the Local Group Policy Editor if you like.





    OPTION TWO [/i] Set Default BitLocker Drive Encryption Method and Cipher Strength in Registry Editor
    1. Press the Win+R keys to open Run, type regedit, and click/tap on OK to open Registry Editor.

    2. If prompted by UAC, click/tap on Yes.

    3. In Registry Editor, browse to the key location below. (see screenshot below)
    *Arrow HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE


    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]


    4. Do step 5 (choose) or step 6 (default) below for what you would like to do.


    5. To Choose BitLocker Drive Encryption Method and Cipher Strength
    A) In the right pane of the FVE key, double click/tap on the EncryptionMethodWithXtsFdv DWORD to modify it. (see screenshot below step 3)

    *note If you don't have the EncryptionMethodWithXtsFdv DWORD (you don't by default), then right click or press and hold on an empty area in the right pane of the FVE key, click/tap on New, click/tap on DWORD (32-bit) Value, type EncryptionMethodWithXtsFdv, and press Enter.

    B) Type the value data in the table below for the encryption method and cipher strength you want for fixed data drives, and click/tap on OK. (see screenshot and table below)

    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]


    [table][tr][td]Value Data[/td] [td]Description[/td] [/tr] [tr][td]3[/td] [td]AES-CBC 128-bit[/td] [/tr] [tr][td]4[/td] [td]AES-CBC 256-bit[/td] [/tr] [tr][td]6[/td] [td]XTS-AES 128-bit (default)[/td] [/tr] [tr][td]7[/td] [td]XTS-AES 256-bit[/td] [/tr] [/table]

    C) In the right pane of the FVE key, double click/tap on the EncryptionMethodWithXtsOs DWORD to modify it. (see screenshot below step 3)

    *note If you don't have the EncryptionMethodWithXtsOs DWORD (you don't by default), then right click or press and hold on an empty area in the right pane of the FVE key, click/tap on New, click/tap on DWORD (32-bit) Value, type EncryptionMethodWithXtsOs, and press Enter.

    D) Type the value data in the table below for the encryption method and cipher strength you want for operating system drives, and click/tap on OK. (see screenshot and table below)

    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]


    [table][tr][td]Value Data[/td] [td]Description[/td] [/tr] [tr][td]3[/td] [td]AES-CBC 128-bit[/td] [/tr] [tr][td]4[/td] [td]AES-CBC 256-bit[/td] [/tr] [tr][td]6[/td] [td]XTS-AES 128-bit (default)[/td] [/tr] [tr][td]7[/td] [td]XTS-AES 256-bit[/td] [/tr] [/table]

    E) In the right pane of the FVE key, double click/tap on the EncryptionMethodWithXtsRdv DWORD to modify it. (see screenshot below step 3)

    *note If you don't have the EncryptionMethodWithXtsRdv DWORD (you don't by default), then right click or press and hold on an empty area in the right pane of the FVE key, click/tap on New, click/tap on DWORD (32-bit) Value, type EncryptionMethodWithXtsRdv, and press Enter.

    F) Type the value data in the table below for the encryption method and cipher strength you want for removable data drives, click/tap on OK, and go to step 7 below. (see screenshot and table below)

    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]


    [table][tr][td]Value Data[/td] [td]Description[/td] [/tr] [tr][td]3[/td] [td]AES-CBC 128-bit (default)[/td] [/tr] [tr][td]4[/td] [td]AES-CBC 256-bit[/td] [/tr] [tr][td]6[/td] [td]XTS-AES 128-bit[/td] [/tr] [tr][td]7[/td] [td]XTS-AES 256-bit[/td] [/tr] [/table]


    6. To Use Default BitLocker Drive Encryption Method and Cipher Strength
    A) In the right pane of the FVE key, right click or press and hold on the EncryptionMethodWithXtsFdv DWORD, and click/tap on Delete. (see screenshot below step 3)

    B) Click/tap on Yes to confirm. (see screenshot below)

    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]

    C) In the right pane of the FVE key, right click or press and hold on the EncryptionMethodWithXtsOs DWORD, and click/tap on Delete. (see screenshot below step 3)

    D) Click/tap on Yes to confirm. (see screenshot below)

    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]

    E) In the right pane of the FVE key, right click or press and hold on the EncryptionMethodWithXtsRdv DWORD, and click/tap on Delete. (see screenshot below step 3)

    F) Click/tap on Yes to confirm, and go to step 7 below. (see screenshot below)

    Change BitLocker Encryption Method and Cipher Strength in Windows 10 [​IMG]

    7. When finished, you can close Registry Editor if you like.

    That's it,
    Shawn


    Related Tutorials

    :)
     
    Yasak Hayat, Dec 13, 2016
    #1
  2. Wolfpup3 Win User

    Bitlocker in Windows 10 without TPM

    Are you sure you've got 10 Pro installed (fully patched up) and are logged in as an Admin?

    Assuming that, I'm guessing you're looking under the wrong section. I double checked, and it's right there in the local group policy editor under Local Computer Policy/ Computer Configuration/Administrative Templates/Windows Components/Bitlocker Drive Encryption.

    I also set the "Choose drive encryption method and cipher strength" to the newer/better XTS-AES 256-bit method under there.
     
    Wolfpup3, Dec 13, 2016
    #2
  3. CANNOT USE ENHANCED BITLOCKER PIN

    Hello,

    I am having problem with creating complex passwords while activating BitLocker drive encryption at win10.

    It only lets me to put numeric password but I want to use complex password with characters, letters and symbols.

    I already enabled

    - "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing”

    - "Choose drive encryption method and cipher strength"

    - "Allow Enhanced PINs For Startup"

    policies before I start encryption but nothing changed. Is there a way to use complex passwords?
     
    Emre.Bayram, Dec 13, 2016
    #3
  4. Brink
    Brink New Member

    Change BitLocker Encryption Method and Cipher Strength in Windows 10

    Hello Yasak, *Smile

    That's correct. The keys will not be there by default in OPTION TWO unless added.
     
    Brink, Dec 13, 2016
    #4
  5. kevvyb Win User
    Hi

    Am just about to do this and need to step back. I will use the stronger cipher for all but USB drives. I will use a usb drive for authentication as well the windows password (if that's possible).

    However, I have been used to using Truecrypt, partitioning all my drives to separate O/S and data. Truecrypt helpfully offered the function to mount the data drive/partition along with the system drive when the boot key was entered (as long as same key was used for both o/s and data partitions).

    Now the real point of my post.....
    This worked really well and allowed me to move the locations of special folders to the data drive from where I backed these up, altogether, pictures, music, videos, downloads and desktop. The latter may be an issue with Bitlocker if unlike Truecrypt, it does not offer a way of mounting data drive along with o/s at boot time - otherwise the desktop and taskbar will probably not populate properly at boot.

    Need to understand this before I start encryption.

    It looks like I have to encrypt the partitions separately... or can they be encrypted together i.e. whole system drive including data partition....? Happy to use the same key for both as I did with Truecrypt.

    Just need to know that my desktop will load at boot from the data partition if I move the special folder to data partition.
     
    kevvyb, Jan 26, 2017
    #5
  6. Brink
    Brink New Member
    Hello Kevin, *Smile

    That's correct. BitLocker will encrypt per drive instead of whole hard disk.
     
    Brink, Jan 26, 2017
    #6
  7. kevvyb Win User
    Thanks. Any idea on how it deals with changed location of desktop special folder at boot time? Does it mean that a password or whatever authentication is used has to be used twice, once for each partition, o/s and data partition (the latter being where I would preferably store the desktop special folder)?
     
    kevvyb, Jan 26, 2017
    #7
  8. Brink
    Brink New Member

    Change BitLocker Encryption Method and Cipher Strength in Windows 10

    I haven't tested to know 100%, but I would think that if you have it set to unlock the drive when you sign in to Windows 10, it'll be fine.
     
    Brink, Jan 26, 2017
    #8
  9. kevvyb Win User
    kevvyb, Jan 26, 2017
    #9
  10. Brink
    Brink New Member
    Please let us know how it went to confirm. *Smile
     
    Brink, Apr 4, 2018
    #10
Thema:

Change BitLocker Encryption Method and Cipher Strength in Windows 10

Loading...
  1. Change BitLocker Encryption Method and Cipher Strength in Windows 10 - Similar Threads - Change BitLocker Encryption

  2. BitLocker Drive Encryption

    in AntiVirus, Firewalls and System Security
    BitLocker Drive Encryption: BitLocker Drive Encryption keeps appearing when I try to turn on my desk top PC. I live alone, and do not share the PC. It is rather annoying to punch in 48 digits, just to start it up; then punch in my password. I use Microsoft security, but it gets turned off a lot. Do I...
  3. How to change BitLocker Encryption method & Cipher Strength in Windows 10

    in Windows 10 News
    How to change BitLocker Encryption method & Cipher Strength in Windows 10: [ATTACH] [ATTACH]Windows 10 uses XTS-AES 128 bit by default for operating system drives as well as fixed data drives – and AES-CBC 128 bit by default for removable data drives. In this post, we will show you how to set a [...] This post How to change BitLocker Encryption...
  4. Device Encryption and BitLocker

    in AntiVirus, Firewalls and System Security
    Device Encryption and BitLocker: Hello MS Community! Posting a subject name as Device Encryption and BitLocker, would it be correct to have it as: BitLocker Device Encryption and standard BitLocker? It's been way too late for me to know about Device Encryption and I hope the experts about this subject...
  5. BitLocker Drive Encryption

    in AntiVirus, Firewalls and System Security
    BitLocker Drive Encryption: When I was trying to encrypt my external hard ( ADATA SH93 USB DEVICE ) and after I got the recovery key, I couldn't continue with BitLocker Drive Encryption. Now I can’t open my external hard, anymore, I tried several times, I changed also the computer but I can’t do...
  6. Encrypt a folder with Cipher

    in Windows 10 Network and Sharing
    Encrypt a folder with Cipher: I recently heard about this command in the Cmd called "cipher" where it can encrypt a folder, so I decided to give it a try. This is what the file looks like: [ATTACH] So I try to encrypt Derek's things(a folder) with the command in the command prompt: (my drive is C:)...
  7. Bitlocker Drive Encryption

    in Windows 10 Drivers and Hardware
    Bitlocker Drive Encryption: I got 500 Gb drive , about 450 Gb of data I started the encryption process , it reached 58.7% and stuck there without a change since yesterday please advice. Thanks [ATTACH]...
  8. Bitlocker not encrypting document partition (Windows 10 Pro)

    in AntiVirus, Firewalls and System Security
    Bitlocker not encrypting document partition (Windows 10 Pro): I've turned on Bitlocker on my laptop. It doesn't seem to have encrypted all of my logical drives, and for a couple of them it doesn't give me the option. I have a 1 TB hybrid drive which currently has 4 partitions: C, E, F, and a recovery partition. As far as I recall, I...
  9. Bitlocker: Encrypted USB no access

    in AntiVirus, Firewalls and System Security
    Bitlocker: Encrypted USB no access: Hello, I have a usb that has been encrypted using bitlocker, I can connect this usb to my desktop and I can input the password and access the usb. However on my laptop and other computers, when I plug in the usb I do not get the prompt to input my password and instead just...
  10. Changing the BitLocker Recovery Key on an Already Encrypted OS drive?

    in AntiVirus, Firewalls and System Security
    Changing the BitLocker Recovery Key on an Already Encrypted OS drive?: Is there a way I can change the BitLocker recovery key to a new one on my encrypted OS drive? Do I need to first Suspend BitLocker to do so? Is there a tutorial on this here? Thanks 101007
Tags:

Users found this page by searching for:

  1. change bitlocker cipher strength windows 10

    ,
  2. bitlocket auto boot htpc