Windows 7: BitLocker Drive Encryption - Change Encryption Method and Cipher Strength

   Information

This will show you how to change the encryption algorithm and key cipher strength used by BitLocker to encrypt drives in Windows 7.

   Note

BitLocker Drive Encryption supports 128-bit and 256-bit encryption keys. Longer encryption keys provide a more enhanced level of security and are less likely to be successfully attacked by the use of brute-force methods. However, longer keys can cause slower encryption and decryption of data. On some computers, using longer keys might result in noticeable performance degradation. In addition, BitLocker supports a Diffuser algorithm to help protect the system against ciphertext manipulation attacks, a class of attacks in which changes are made to the encrypted data in an attempt to discover patterns or weaknesses.

By default, Windows 7 BitLocker Drive Encryption uses AES encryption with 128-bit encryption keys and Diffuser.

   Warning

BitLocker is only available in the Windows 7 Ultimate and Enterprise editions.

This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is currently in progress. The encryption method must be changed before you encrypt the drive with BitLocker for the method you selected can be used on the drive.

OPTION ONE

Through Local Group Policy Editor

1. Open the Local Group Policy Editor.

2. In the left pane, click on to expand Computer Configuration, Administrative Templates, Windows Components, and BitLocker Drive Encryption. (See screenshot below)

3. In the right pane, right click on Choose drive encryption method and cipher strength and click on Edit. (See screenshot above)

4. To Use the Default AES 128-bit with Diffuser Method
NOTE: You can also select this in step 5 as well.

A) Select (dot) either Not Configured or Disabled. (See screenshot below step 6)

B) Go to step 6.

5. To Change the Default Encryption Method

A) Select (dot) Enabled. (See screenshot below step 6)

B) Under the Options section, select the encryption method you want BitLocker to use to encrypt drive with. (See screenshot below step 6)

• AES 128-bit with Diffuser (default)
• AES 256-bit with Diffuser
• AES 128-bit
• AES 256-bit

6. Click on OK. (See screenshot below)

7. Close the Local Group Policy Editor window.

OPTION TWO

Using a REG file Download

1. To Use AES 128-bit with Diffuser (default)

A) Click on the Download button below to download the file below.

AES_128-bit_with_Diffuser.zip

B) Go to step 5.

2. To Use AES 256-bit with Diffuser

A) Click on the Download button below to download the file below.

AES_256-bit_with_Diffuser.zip

B) Go to step 5.

3. To Use AES 128-bit

A) Click on the Download button below to download the file below.

AES_128-bit.zip

B) Go to step 5.

4. To Use AES 256-bit

A) Click on the Download button below to download the file below.

AES_256-bit.zip

5. Save the .zip file to the desktop.

6. Open the .zip file and extract the .reg file to the desktop.

7. Right click on the downloaded .reg file and click on Merge.

8. Click on Run, Yes, Yes, and OK when prompted.

9. Log off and log on, or restart the computer to apply.

10. When done, you can delete the downloaded .reg and .zip files on the desktop if you like.