Windows 10 makes use of XTS-AES 128 bit by default for working system drives in addition to mounted knowledge drives – and AES-CBC 128 bit by default for detachable knowledge drives. In this submit, we are going to present you the way to set a default encryption method (XTS-AES or AES-CBC) and cipher power (128 bit or 256 bit) you need to be utilized by in Windows 10.
Windows 10 launched a brand new disk encryption mode (XTS-AES). This mode offers further integrity assist – however shouldn’t be suitable with older variations of Windows. You can choose to use disk encryption Compatible mode (AES-CBC) that’s suitable with older variations of Windows. If you’re encrypting a detachable drive that you simply’re going to use on an older model of Windows, you need to use AES-CBC.
Both BitLocker Drive Encryption modes above assist utilizing 128-bit or 256-bit cipher power.
Note: BitLocker Drive Encryption is simply out there in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions.
Change BitLocker Encryption method & Cipher Strength
The BitLocker encryption method and Cipher power you set as default is simply utilized whenever you activate BitLocker for a drive. Any adjustments you make is not going to have an effect on a drive already encrypted by BitLocker until you flip off Bitlocker for the drive and activate BitLocker for it once more.
Note: You should be signed in as an to give you the chance to select drive encryption method and cipher power.
and on the left pane of Local Group Policy Editor, navigate to the next location:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
On the proper pane of BitLocker Drive Encryption, double-click Choose drive encryption method and cipher power (Windows 10 (Version 1511) and later) coverage to edit it.
This coverage setting permits you to configure the algorithm and cipher power utilized by BitLocker Drive Encryption. This coverage setting is utilized whenever you activate BitLocker. Changing the encryption method has no impact if the drive is already encrypted, or if encryption is in progress.
If you allow this coverage setting it is possible for you to to configure an encryption algorithm and key cipher power for mounted knowledge drives, working system drives, and detachable knowledge drives individually. For mounted and working system drives, we advocate that you simply use the XTS-AES algorithm. For detachable drives, you need to use AES-CBC 128-bit or AES-CBC 256-bit if the drive can be used in different units that aren’t working Windows 10 (Version 1511).
If you disable or don’t configure this coverage setting, BitLocker will use AES with the identical bit power (128-bit or 256-bit) because the “Choose drive encryption method and cipher power (Windows Vista, Windows Server 2008, Windows 7)” and “Choose drive encryption method and cipher power” coverage settings (in that order), if they’re set. If not one of the insurance policies are set, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by the setup script.”
As proven in the screenshot above, do the next;
To Use Default BitLocker Drive Encryption Method and Cipher Strength
- Select the radio button for Not Configured or Disabled, click on OK. You can now exit Group Policy editor.
To Choose BitLocker Drive Encryption Method and Cipher Strength
- Select the radio button for Enabled, choose the encryption method you need for working system drives, mounted knowledge drives, and detachable knowledge drives, click on OK.
You can now exit Group Policy Editor.