Windows 10: Enable 256-bit Bitlocker encryption on Windows 11 to boost security

Discussion in 'Windows 10 News' started by GHacks, Nov 25, 2023.

  1. GHacks
    GHacks New Member

    Enable 256-bit Bitlocker encryption on Windows 11 to boost security


    Bitlocker is the default encryption technology of the Windows operating system. It is used widely on Windows, but some users prefer third-party solutions, such as VeraCrypt.

    What many users of Bitlocker don't know is that it defaults to 128-bit encryption, even though 256-bit is also available. Without going into too many details about the differences, the core difference between AES 128-bit and 256-bit encryption is the length of the security key. A longer key makes brute-force attacks much harder.

    While 128-bit is the default, even Microsoft recommends using 256-bit to improve security. Problem is, most users may not know about the weaker default or how to make the change.

    First, you may want to find out which encryption method is used on the Windows device. Here is how that is done:

    1. Open the Start Menu.
    2. Type CMD and activate the "run as administrator" option while the Command Prompt result is highlighted.
    3. Run the command manage-bde -status.
    4. Windows returns a bunch of information about each volume. Check the Encryption Method status. If it reads XTS-AES 256, you are all set and don't need to do anything. If you get XTS-AES 128, encryption is using the weaker 128-bit method.

    Problem is, Windows does not include an option to migrate from 128-bit to 256-bit. Even worse, to even get the 256-bit option, it is necessary to make a change in the Group Policy Editor.

    Here is a step-by-step guide on how to do that:

    1. Open the Start Menu.
    2. Type gpedit.msc and select Edit Group Policy.
    3. Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
    4. Double-click on "Choose drive encryption method and cipher strength" to manage this policy. Note that there are three entries for different versions of Windows. Select Windows 10 [Version 1511] and later.
    5. Switch the status of the policy to Enabled.
    6. Change the encryption method for operating system and fixed drives to XTS-AES 256-bit. You may also make the change for removable data drives. Some say that AES-CBC 256-bit offers better compatibility, but this is only important if you plug the removable drive into other systems.
    7. Select OK to make the change.

    Once you have made the required changes, you need to decrypt the BitLocker encrypted drives and then re-encrypt them. BitLocker uses the new encryption method automatically when it encrypts volumes on the system.

    The easiest way to get started is to open the Start Menu, type BitLocker and select the Manage BitLocker option.

    It opens the classic Control Panel of the Windows operating system. There you find either "Turn BitLocker on", if the drive is not encrypted, or "Turn off BitLocker" if it is encrypted.

    Select Turn off BitLocker first to decrypt the entire volume that you have selected. Then, once done, select Turn BitLocker on to encrypt the volume using the stronger encryption method. Repeat the process for all volumes that you want to protect with BitLocker.

    You can check out my guide on encrypting Windows 10 hard drives with BitLocker. It is from 2015, but the process has not changed.

    Now You: do you encrypt your drives and devices?

    Thank you for being a Ghacks reader. The post Enable 256-bit Bitlocker encryption on Windows 11 to boost security appeared first on gHacks Technology News.

    GHacks, Nov 25, 2023
    #1
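
The status check and the policy setting described in the post above can be audited in one pass from an elevated PowerShell session. This is an added example, not part of the gHacks article: it assumes the built-in BitLocker module (Get-BitLockerVolume) and the values this policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE, and the two function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): compare the configured BitLocker cipher
# policy with the method each volume is actually encrypted with.

# Values written by "Choose drive encryption method and cipher strength
# (Windows 10 [Version 1511] and later)".
$methodNames = @{ 3 = 'AES-CBC 128'; 4 = 'AES-CBC 256'; 6 = 'XTS-AES 128'; 7 = 'XTS-AES 256' }
$policyValues = [ordered]@{
    EncryptionMethodWithXtsOs  = 'Operating system drives'
    EncryptionMethodWithXtsFdv = 'Fixed data drives'
    EncryptionMethodWithXtsRdv = 'Removable data drives'
}

function Get-BitLockerCipherPolicy {
    # Hypothetical helper: reads the policy; absent values mean "Not configured".
    $props = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    foreach ($name in $policyValues.Keys) {
        $raw = if ($props) { $props.$name } else { $null }
        if ($null -eq $raw) {
            $label = 'Not configured (Windows default applies)'
        } elseif ($methodNames.ContainsKey([int]$raw)) {
            $label = $methodNames[[int]$raw]
        } else {
            $label = "Unknown value $raw"
        }
        [pscustomobject]@{ DriveType = $policyValues[$name]; Policy = $label }
    }
}

function Get-BitLockerVolumeToReencrypt {
    # Hypothetical helper: encrypted volumes whose method is not XTS-AES 256.
    # Changing the policy does not convert these; they stay on the old method
    # until decrypted and encrypted again. Removable drives deliberately set
    # to AES-CBC 256 for compatibility will also be listed here.
    Get-BitLockerVolume |
        Where-Object { "$($_.VolumeStatus)" -ne 'FullyDecrypted' -and
                       "$($_.EncryptionMethod)" -ne 'XtsAes256' } |
        Select-Object MountPoint, VolumeType, EncryptionMethod, VolumeStatus, EncryptionPercentage
}

Get-BitLockerCipherPolicy | Format-Table -AutoSize
$stale = @(Get-BitLockerVolumeToReencrypt)
if ($stale.Count -gt 0) {
    $stale | Format-Table -AutoSize
} else {
    'No encrypted volume is using a method other than XTS-AES 256.'
}
```
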

  2. Is 256-bit BitLocker encryption really 256-bit?

    It might sound like a silly question, but clearly I'm not getting something. I've enabled 256-bit encryption in group policy settings and encrypted a drive.
    manage-bde -status says Encryption Method: XTS-AES 256. But the recovery key is still 48 digits long. Since every sixth digit is a checksum, it gives us 10^40 (about 2^133) combinations. Doesn't this make the encryption key effectively 133 bits long?
     
    Piotr Urbańczyk, Nov 25, 2023
    #2
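
On the recovery password format raised in the post above: Microsoft documents that each of the eight six-digit groups must be divisible by 11 and less than 720,896, so a group carries one 16-bit value. The added example below (not from the thread; function names and the sample password are constructed for illustration) validates that structure and counts the bits a password can carry.

```powershell
# Added example: structure of a 48-digit BitLocker recovery password.
# The recovery password is one key protector on the volume; it is separate
# from the XTS-AES key whose length the Group Policy setting selects.

function ConvertTo-RecoveryPassword {
    # Hypothetical helper: builds a well-formed password from eight 16-bit values.
    param([Parameter(Mandatory)][uint16[]]$Word)
    if ($Word.Count -ne 8) { throw 'Expected exactly 8 values.' }
    ($Word | ForEach-Object { '{0:D6}' -f ([int]$_ * 11) }) -join '-'
}

function ConvertFrom-RecoveryPassword {
    # Hypothetical helper: checks the documented rules and returns the 16-bit values.
    param([Parameter(Mandatory)][string]$Password)
    $groups = $Password -split '-'
    if ($groups.Count -ne 8) { throw 'Expected 8 groups separated by "-".' }
    foreach ($g in $groups) {
        if ($g -notmatch '^\d{6}$') { throw "Group '$g' is not six digits." }
        $n = [int]$g
        if ($n % 11 -ne 0)  { throw "Group '$g' is not divisible by 11." }
        if ($n -ge 720896)  { throw "Group '$g' is not less than 720896." }
        [uint16]($n / 11)   # 720896 = 65536 * 11, so the quotient fits in 16 bits
    }
}

# Constructed sample, not a real recovery password.
$sample = ConvertTo-RecoveryPassword -Word 0, 1, 4660, 22136, 39612, 57072, 65535, 43981
$words  = @(ConvertFrom-RecoveryPassword -Password $sample)

"Sample password : $sample"
'Well-formed     : {0} groups x 16 bits = {1} bits' -f $words.Count, ($words.Count * 16)
'Digit count only: 40 free digits = {0:N1} bits' -f (40 * [math]::Log(10, 2))

# A group that is six digits and divisible by 11 but out of range is rejected.
try   { ConvertFrom-RecoveryPassword -Password ($sample -replace '^\d{6}', '720896') | Out-Null }
catch { "Rejected        : $($_.Exception.Message)" }
```
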
  3. 256 bit encryption

    I need to set up 256-bit encryption. I have upgraded to Windows 10 Pro but am unable to activate due to BitLocker issues. Please can you help?
     
    TrudyPringle, Nov 25, 2023
    #3
  4. Wolfpup3 Win User

    Bitlocker hardware encryption on M500 + XTS-AES 256-bit setting

    I recently discovered that the November update of Windows 10 (1511) supports a new, better mode of encryption for Bitlocker, namely XTS-AES. I also discovered that you can use 256-bit instead of 128-bit encryption on both the old method of encryption, and the new XTS-AES encryption.

    I've got a single drive that supports eDrive/hardware encryption with Bitlocker, Crucial's M500. It was working before, but when I set Windows to use XTS-AES 256-bit, it can't get past the test Bitlocker screen...I punch in my password and the computer just locks up. I have to reboot, then hit escape to get back to Windows, which tells me the attempt failed.

    I'm not sure what kind of encryption the M500 uses...it's supposed to be 256-bit, but maybe turning on XTS-AES 256-bit causes this to not work?

    There's a setting in Windows to just use software encryption, and maybe doing that, bypassing hardware would actually be better encryption than what the drive does?

    Any thoughts on this, why this isn't working, whether I should switch to software encryption on it?
     
    Wolfpup3, Nov 25, 2023
    #4