Skip to main content


Force BitLocker To Use 256-Bit AES Encryption


One of the most secure ways to protect your sensitive data that's stored on your hard disk from unauthorized access, Is to password-protect the disk with encryption. This can easily be done using the Windows native utility named BitLocker Drive Encryption. It's very Important to lock a fixed or removable drive when not In use, so too Is the encryption strength. As such, In this tutorial, I will show you how to force  BitLocker to use 256-Bit AES encryption.


Before I begin, here's what I'm referring to In terms of BitLocker Itself. To access BitLocker Drive Encryption, you'd normally have to navigate to Control Panel > System and Security > Manage BitLocker, and you can then apply It on selected drives as per the Image below.


Once you've enabled BitLocker Drive Encryption on a given drive, It will be locked, thus protecting the data It contains. The only way to access the drive, Is (for example) to enter a password and then hit the Unlock button.


By default, BitLocker uses 128-bit AES encryption, which Is considered pretty secure. That said, I'm a firm believer that If there's a more secure option available, use It! Which brings me to my next point. You can actually force BitLocker to use 256-bit AES encryption, which In my opinion, Is a lot more secure than 128-bit.

Now there's mixed thoughts about this, and you'll read many articles online to the contrary of what I've just mentioned. But did you know that the NSA uses 128-bit AES encryption for data classed as SECRET, and 256-bit AES encryption for TOP SECRET data? Clearly and given that the NSA considers the latter to be more secure, doesn't that tell you something? Enough said.

I will demonstrate how to force BitLocker to use 256-bit AES encryption, by using the good old Group Policy Editor. Do note that the GPE Is only available In Windows 10 Pro, Enterprise and Education Editions. If you're running either of these, then this tutorial Is for you. So without further ado, let's get this started.

Step One:

The first thing you need to do, Is access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK as shown below.


Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption

Make sure the BitLocker Drive Encryption folder Is selected, and on the right pane, double-click Choose drive encryption method and cipher strength.


Last Step:

To the left of the window, click the Enabled radio button, and then hit the drop-down menu just below that. Select AES 256-bit and to finalize the process, click OK. From this point forward, BitLocker will use 256-Bit AES encryption as the default encryption method.


Final Thoughts:

If you're running Windows 10 version 1511, you will have a new disk encryption available, namely XTS-AES 256-bit, so select this as per the above step. The good thing about Implementing this via the Group Policy Editor, Is that It takes effect Immediately, without the need to reboot your computer.

If you want to reverse the change back to Its original state, simply refer to the Last Step, and select the Not Configured radio button. Don't forget to hit OK on exit.



Comments

Popular posts from this blog

How To Decode The Windows 10 Product Key

Every Windows 10 operating system that's Installed and activated on the computer, has what's called a Product Key, that Is either pre-Installed by the manufacturer, or added by the end user when formatting their PC. In order to have a fully-functional OS, It must contain a valid Product Key. Whilst there are many tools that can extract It from the operating system, In this tutorial, I will show you how to manually decode the Product Key.

How To Rename Any Power Plan In Windows 10

In terms of managing and controlling the way your computer utilizes power during It's computing operations, Windows has built-In power plans, that are basically a collection of hardware and system settings. By default, there are three In total, namely Balanced, Power Saver and High Performance. Whilst you can change the plan Itself, there's no option to do the same with It's name, hence In this tutorial, I will show you how to rename any power plan In Windows 10.

How To Create A Fake File Of Any File Size

Depending on your business environment or Individual requirements, sometimes there Is the need to test files of a given capacity. Such tests can Include Identifying how well your hard disks perform under heavy read/write operations, or to establish whether files can be securely deleted beyond recovery. Whatever the reason may be, In this tutorial, I will show you how to create a fake file of any file size.