Serious Discussion How to enable 256-bit Bitlocker encryption on Windows


Level 44
Thread author
Top Poster
Nov 10, 2017
Bitlocker is the default encryption technology of the Windows operating system. It is used widely on Windows, but some users prefer third-party solutions, such as VeraCrypt.

What many users of Bitlocker don't know is that it defaults to 128-bit encryption, even though 256-bit is also available. Without going into too many details about the differences; the core difference between AES 128-bit and 256-bit encryption is the length of the security key. A longer key makes brute force attacks much harder.

While 128-bit is the default, even Microsoft recommends using 256-bit to improve security. Problem is, most users may not know about the weaker default or how to make the change.

First, you may want to find out which encryption method is used on the Windows device. Here is how that is done:
  1. Open the Start Menu.
  2. Type CMD and activate the "run as administrator" option while the Command Prompt result is highlighted.
  3. Run the command manage-bde -status.
  4. Windows returns a bunch of information about each volume. Check the Encryption Method status. If it reads XTS-AEs 256 you are all set and don't need to do anything. If you get XTS-AES 128, encryption is using the weaker 128-bit method.
Problem is, Windows does not include an option to migrate from 128-bit to 256-bit. Even worse, to even get the 256-bit option, it is necessary to make a change in the Group Policy Editor.

The rest

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.