Skip to main content


Force BitLocker To Use 256-Bit AES Encryption


One of the most secure ways to protect your sensitive data that's stored on your hard disk from unauthorized access, Is to password-protect the disk with encryption. This can easily be done using the Windows native utility named BitLocker Drive Encryption. It's very Important to lock a fixed or removable drive when not In use, so too Is the encryption strength. As such, In this tutorial, I will show you how to force  BitLocker to use 256-Bit AES encryption.


Before I begin, here's what I'm referring to In terms of BitLocker Itself. To access BitLocker Drive Encryption, you'd normally have to navigate to Control Panel > System and Security > Manage BitLocker, and you can then apply It on selected drives as per the Image below.


Once you've enabled BitLocker Drive Encryption on a given drive, It will be locked, thus protecting the data It contains. The only way to access the drive, Is (for example) to enter a password and then hit the Unlock button.


By default, BitLocker uses 128-bit AES encryption, which Is considered pretty secure. That said, I'm a firm believer that If there's a more secure option available, use It! Which brings me to my next point. You can actually force BitLocker to use 256-bit AES encryption, which In my opinion, Is a lot more secure than 128-bit.

Now there's mixed thoughts about this, and you'll read many articles online to the contrary of what I've just mentioned. But did you know that the NSA uses 128-bit AES encryption for data classed as SECRET, and 256-bit AES encryption for TOP SECRET data? Clearly and given that the NSA considers the latter to be more secure, doesn't that tell you something? Enough said.

I will demonstrate how to force BitLocker to use 256-bit AES encryption, by using the good old Group Policy Editor. Do note that the GPE Is only available In Windows 10 Pro, Enterprise and Education Editions. If you're running either of these, then this tutorial Is for you. So without further ado, let's get this started.

Step One:

The first thing you need to do, Is access the Group Policy Editor. Open the Run menu, enter gpedit.msc and hit OK as shown below.


Step Two:

The Group Policy Editor will now open, so navigate to the following directory.
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption

Make sure the BitLocker Drive Encryption folder Is selected, and on the right pane, double-click Choose drive encryption method and cipher strength.


Last Step:

To the left of the window, click the Enabled radio button, and then hit the drop-down menu just below that. Select AES 256-bit and to finalize the process, click OK. From this point forward, BitLocker will use 256-Bit AES encryption as the default encryption method.


Final Thoughts:

If you're running Windows 10 version 1511, you will have a new disk encryption available, namely XTS-AES 256-bit, so select this as per the above step. The good thing about Implementing this via the Group Policy Editor, Is that It takes effect Immediately, without the need to reboot your computer.

If you want to reverse the change back to Its original state, simply refer to the Last Step, and select the Not Configured radio button. Don't forget to hit OK on exit.



Comments

Popular posts from this blog

Check The Health Of Your Laptop's Battery

When you first purchase your laptop and fully charge the battery thereafter, It runs at It's optimal state for quite a while. However, over time, It Inevitably decreases In performance, and does not hold It's charge capacity as per It's brand new state. This Is due to wear & tear, and a few other factors. It's very Important to know the condition of your battery, so In this tutorial, I will show you how to view the current status and health of your laptop's battery.

How To Create A Virtual Machine Using VMware

A virtual machine, often abbreviated as a VM, Is a software program containing an operating system that's Installed on the physical machine (PC), and operates In It's own Isolated environment. Every task performed In the VM, remains there, without affecting the main computer. Every user should have a virtual machine up and running, so In this tutorial, I will demonstrate a detailed guide on how to create & Install a virtual machine on your computer, namely VMware Workstation.

Force Windows 10 To Boot To Advanced Startup

In the event your operating system corrupts and losses functionality to some degree, Windows 10 has the Advanced Startup Options menu, that contains a range of diagnostic and repair utilities to help restore the OS back to It's functional state. You can perform a System Restore, Reset your PC, execute commands via the Command Prompt and more. To have It readily available, In this tutorial, I will show you how to force Windows 10 to always boot to the Advanced Startup settings.