BitLocker - Choose Encryption Cipher Strength in Windows 8

How to Choose BitLocker Drive Encryption Method and Cipher Strength in Windows 8

information   Information
BitLocker Drive Encryption supports AES 128-bit and 256-bit encryption keys. AES 256-bit provides a stronger level of security and is less likely to be successfully attacked by the use of brute-force methods. By default, BitLocker Drive Encryption uses AES 128-bit in Windows 8.

This tutorial will show you how to configure the algorithm and cipher strength used by BitLocker Drive Encryption to be AES 128-bit or 256-bit in Windows 8.

You must be signed in as an administrator to be able to do the steps in this tutorial.

Note   Note

  • This is used on drives that you turn on BitLocker Drive Encryption for after choosing AES-128 or AES-256.
  • Changing the encryption method has no effect if the drive is already encrypted or if encryption is in progress.
  • This does not apply to hardware encrypted drives. Encrypted drives utilize their own algorithm and it is set by the drive during partitioning.

warning   Warning
BitLocker Drive Encryption is only available in the Windows 8 Pro and Windows 8 Enterprise editions.





OPTION ONE

Choose Drive Encryption Method & Cipher Strength using Group Policy


1. Press the Windows + R keys to open the Run dialog, type gpedit.msc, and press Enter.​
2. If prompted by UAC, then click/tap on Yes.​
3. In the left pane of Group Policy, click/tap on to expand Computer Configuration, Administrative Templates, Windows Components, and open BitLocker Drive Encryption. (see screenshot below)​
GPEDIT-1.jpg
4. In the right pane of BitLocker Drive Encryption, double click/tap on Choose drive encryption method and cipher strength to edit it. (see screenshot above)​
5. Do step 6 or 7 below for what you would like to do.​
6. To Use the Default AES 128-bit Method and Cipher
A) Select (dot) either Not Configured or Disabled, and go to step 8 below. (see screenshot below step 8)​
NOTE: Not Configured is the default setting.​
7. To Choose the Drive Encryption Method and Cipher Strength
A) Select (dot) Enabled. (see screenshot below step 8)​
B) Under the Options section, select the encryption method you want, and go to step 8 below. (see screenshot below step 8)​
  • AES 128-bit (default)
  • AES 256-bit
8. Click/tap on OK. You can now close Group Policy if you like.​
GPEDIT-2.jpg




OPTION TWO

Choose Drive Encryption Method and Cipher Strength using REG File


1. Do step 2, 3, or 4 below for what you would like to do.​
2. To Use the Default AES 128-bit Method and Cipher
NOTE: This is the default setting, and is the same as doing step 6 in Option One above.​
A) Click/tap on the Download button below to download the file below, and go to step 5 below.​
AES_Default.reg
download
3. To Choose AES 128-bit Drive Encryption Method and Cipher Strength
NOTE: This is the same as doing step 7 in Option One above.​
A) Click/tap on the Download button below to download the file below, and go to step 5 below.​
Choose_AES_128-bit.reg
download
4. To Choose AES 256-bit Drive Encryption Method and Cipher Strength
NOTE: This is the same as doing step 7 in Option One above.​
A) Click/tap on the Download button below to download the file below, and go to step 5 below.​
Choose_AES_256-bit.reg
download
5. Save the .reg file to your desktop.​
6. Double click/tap on the downloaded .reg file to merge it.​
7. If prompted, click/tap on Run, Yes (UAC), Yes, and OK.​
8. Sign out and sign in, or restart the PC to apply.​
9. When finished, you can delete the downloaded .reg file if you like.​


That's it,
Shawn


 

Attachments

  • AES_Default.reg
    658 bytes · Views: 1,232
  • Choose_AES_128-bit.reg
    640 bytes · Views: 1,121
  • Choose_AES_256-bit.reg
    640 bytes · Views: 1,639
  • BitLocker.png
    BitLocker.png
    18 KB · Views: 280
Last edited:
Back
Top