How to Change Default BitLocker Encryption Method and Cipher Strength on Windows 10

 
You will be delighted to know that Windows 10 OS lets you enhance your files security with the help of BitLocker Encryption Method and Cipher Strength. It becomes important for you to protect your crucial data from going it into the inappropriate hands. But to offer more safety to your drives, you can modify encryption mode and cipher strength accordingly. Read Windows 10: How to Encrypt Drive Partition using Bitlocker to know more.

 

An interesting point is that BitLocker allows you to encrypt three distinct drives. First, on the operating system drive on which Windows 10 is installed. Second, on the fixed data drives, for example, internal hard drive. And lastly, the list includes removable data drive, such as USB drive. For reference, you may like to follow How to Make a Pen Drive Write Protected in Windows 10.

In addition to this, Windows provides two modes to encrypt these three drives: XTS-AES and AES-CBC.

XTS-AES :- This mode is not compatible with the previous editions of Windows. And to avail, this new disk encryption mode ensure that you are using Windows 10 version 1511 or even higher version.

AES-CBC :- It is also known as a Compatible mode. The name itself explains that this mode supports an older version of Windows. This mode is applicable especially when you are encrypting a removable drive and are going to use it in the previous edition of Windows.

Also, both these modes offer a cipher strength of 128-bit or 256-bit respectively.

So, hook to the tutorial and explore both the methods one by one.

How to Change Default BitLocker Encryption Method and Cipher Strength on Windows 10

Method 1 – Through Registry Editor

Step 1 – First of all, open Registry Editor to modify BitLocker Encryption Method and Cipher Strength. You can do so by typing regedit on Cortana text field and then select the same.

Step 2 – Upon the prompt of UAC on the PC screen, click Yes.

Step 3 – Navigate to the below-given path when Registry window comes into view –

HKEY_LOCAL_MACHINE => SOFTWARE => Policies => Microsoft => FVE

Step 4 – On the corresponding right pane of FVE, you can see three DWORDS –

a) EncryptionMethodWithXtsFdv,

b) EncryptionMethodWithXtsOs, and

c) EncryptionMethodWithXtsRdv respectively.

How to Change Default BitLocker Encryption Method and Cipher Strength on Windows 10 Photo 1

Note – In case, you don’t see the DWORDS in the right pane of FVE, create them manually. To create them, execute a right-click on FVE key and hover over New. Out of few options, click DWORD (32-bit) Value and name the DWORDs as mentioned above.

Follow this tutorial to Create a New DWORD Value in Registry Editor on Windows 10.

Moreover, the Value data for changing encryption method for Operating system and Fixed data drives are same, including their default values.

Step 5 – So, moving ahead, double-click the DWORD EncryptionMethodWithXtsFdv and EncryptionMethodWithXtsOs one after the other, then set any of the given value data as per preference.

ValueEncryption method and Cipher strength
3AES-CBC 128-bit
4AES-CBC 256-bit
6XTS-AES 128-bit (default)
7XTS-AES 256-bit

Step 6 – After setting the desired Value data, click OK to save the encryption changes of Fixed Data Drives and Operating System.

How to Change Default BitLocker Encryption Method and Cipher Strength on Windows 10 Photo 2

Step 7 – Now, to modify the encryption for Removable Data drives, double-click its DWORD namely EncryptionMethodWithXtsRdv. When it’s Edit box opens up, use any of the Value data below and click OK to save them.

ValueEncryption method and Cipher strength
3AES-CBC 128-bit (default)
4AES-CBC 256-bit
6XTS-AES 128-bit
7XTS-AES 256-bit

Step 1 – Start this method by opening Group Policy Editor and to do so, type gpedit on Cortana. Choose the result Edit group policy on the top.

Step 2 – Now, go to the below location on the left sidebar of Group Policy window.

Computer Configuration => Administrative Templates => Windows Components => BitLocker Drive Encryption

Step 3 – Shift to the right pane of BitLocker Drive Encryption and you can see few policies. Here, locate and double-click the setting namely “Choose drive encryption method and cipher strength (Windows 10 (Version 1511) and later)“.

How to Change Default BitLocker Encryption Method and Cipher Strength on Windows 10 Photo 3

Step 4 – Click Enabled dot on the top left of the next window. This also enables the encryption method for OS, removable data drives, and fixed data drives as shown in the given screenshot. So, click each drop-down and select the mode as per preference.

How to Change Default BitLocker Encryption Method and Cipher Strength on Windows 10 Photo 4

Step 5 – Finally, click Apply and OK buttons to implement the encryption changes you made above.

Conclusion

Hopefully, with any of the above two procedures in Windows 10, you can pretty much easily modify BitLocker Encryption Method and Cipher Strength. However, Group Policy seems to be simple in this case rather than tweaking the Registry. If you have some more information about this encryption topic, do write them to us.

  • How to Save Files To Removable Drives Not Protected by BitLocker on Windows 10
  • How to Add Encrypted Files to Index in Windows 10
  • How to Decrypt EFS Encrypted Folders and Files on Windows 10
  • How to Import EFS File Encryption Certificate with Key on Windows 10
  • How to Allow BitLocker Without a Compatible TPM in Windows 10
  •  

    Leave a Reply

    Your email address will not be published. Required fields are marked *