How to Change Windows 7 BitLocker Drive Encryption Method and Cipher Strength
InformationNoteBitLocker Drive Encryption supports 128-bit and 256-bit encryption keys. Longer encryption keys provide a more enhanced level of security and are less likely to be successfully attacked by the use of brute-force methods. However, longer keys can cause slower encryption and decryption of data. On some computers, using longer keys might result in noticeable performance degradation. In addition, BitLocker supports a Diffuser algorithm to help protect the system against ciphertext manipulation attacks, a class of attacks in which changes are made to the encrypted data in an attempt to discover patterns or weaknesses.
By default, Windows 7 BitLocker Drive Encryption uses AES encryption with 128-bit encryption keys and Diffuser.WarningBitLocker is only available in the Windows 7 Ultimate and Enterprise editions.
This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted or if encryption is currently in progress. The encryption method must be changed before you encrypt the drive with BitLocker for the method you selected can be used on the drive.
OPTION ONEThrough Local Group Policy Editor
1. Open the Local Group Policy Editor.
2. In the left pane, click on to expand Computer Configuration, Administrative Templates, Windows Components, and BitLocker Drive Encryption. (See screenshot below)
3. In the right pane, right click on Choose drive encryption method and cipher strength and click on Edit. (See screenshot above)
4. To Use the Default AES 128-bit with Diffuser Method
NOTE: You can also select this in step 5 as well.
A) Select (dot) either Not Configured or Disabled. (See screenshot below step 6)5. To Change the Default Encryption Method
B) Go to step 6.
A) Select (dot) Enabled. (See screenshot below step 6)6. Click on OK. (See screenshot below)
B) Under the Options section, select the encryption method you want BitLocker to use to encrypt drive with. (See screenshot below step 6)
- AES 128-bit with Diffuser (default)
- AES 256-bit with Diffuser
- AES 128-bit
- AES 256-bit
7. Close the Local Group Policy Editor window.
OPTION TWOUsing a REG file Download
1. To Use AES 128-bit with Diffuser (default)That's it,
A) Click on the Download button below to download the file below.2. To Use AES 256-bit with Diffuser
AES_128-bit_with_Diffuser.zipB) Go to step 5.
A) Click on the Download button below to download the file below.3. To Use AES 128-bit
AES_256-bit_with_Diffuser.zipB) Go to step 5.
A) Click on the Download button below to download the file below.4. To Use AES 256-bit
B) Go to step 5.
5. Save the .zip file to the desktop.
6. Open the .zip file and extract the .reg file to the desktop.
7. Right click on the downloaded .reg file and click on Merge.
8. Click on Run, Yes, Yes, and OK when prompted.
9. Log off and log on, or restart the computer to apply.
10. When done, you can delete the downloaded .reg and .zip files on the desktop if you like.
Shawn
Related Tutorials
- How to Turn Windows 7 BitLocker To Go On or Off for Removable Drives
- How to Turn BitLocker On or Off without a TPM for Windows 7 Drive
- How to Suspend or Resume BitLocker Protection on Windows 7 Drive
- How to Turn Windows 7 BitLocker On or Off for Internal Data Hard Drives
- How to Create a Windows 7 BitLocker Drive Encryption Shortcut
- How to Lock an Unlocked BitLocker Drive
- How to Check BitLocker Status of Drive in Windows 7 and Windows 8