BitLocker AES 256: Is It Safer Than AES 128 & How to Change?

Published/Updated on Wednesday, December 4, 2024

Written by Wilsey Young

Summary: What is BitLocker AES 256? Is BitLocker AES 256 more secure than AES 128? This post answers the questions and offers detailed steps for converting BitLocker AES 128 to BitLocker AES 256 via Local Group Policy Editor on Windows OS.

BitLocker AES 256

BitLocker is a full disk encryption feature built into certain versions of Windows. It protects data by encrypting the hard drive, so that unauthorized users cannot read it and stolen hardware does not expose it. BitLocker makes all the difference in securing sensitive data, especially when a device is lost, stolen, or improperly decommissioned.

BitLocker uses AES (Advanced Encryption Standard), a symmetric encryption algorithm used worldwide, to encrypt the entire drive, ensuring that all data stored on the drive or a specific volume is protected.

Some BitLocker users notice the different BitLocker drive encryption methods and cipher strengths, and they wonder what BitLocker AES 256 means and whether it's more secure than AES 128.


Reddit discussions on BitLocker AES 256

BitLocker XTS-AES 256-bit is the subject of a heated discussion in a Reddit post, where BitLocker users explain why XTS-AES 128-bit is the default BitLocker encryption method. The post also covers the performance impact on SSDs of the XTS-AES 256 encryption method, as well as the differences between BitLocker XTS-AES 256-bit and 128-bit.

You can check the following post for more details and information about BitLocker AES 256.

Bitlocker Encryption method 128 vs 256...
by u/BunnyBunny777 in Windows11

What is BitLocker AES 256? Is it more secure than AES 128?

AES (Advanced Encryption Standard) is a highly secure and efficient encryption algorithm used in many applications worldwide. It has been adopted by various institutes and organizations as the standard encryption method for safeguarding data and information.

AES plays a crucial role in securing communications and encrypting disks. BitLocker is a good illustration of its reliability and security: it uses the AES algorithm to encrypt the entire drive or a specific volume, so that all the data on it is protected.

The 128-bit and 256-bit figures refer to the key lengths that BitLocker AES supports. The key length determines the number of rounds in the encryption, where each round applies mathematical operations that transform the plaintext into ciphertext.

BitLocker XTS-AES 256-bit involves 14 rounds, 4 more than BitLocker AES 128. In theory, therefore, the more rounds of mathematical operations the encryption process performs, the more secure the encrypted drive is. The longer key also enlarges the key space that a brute-force attack would have to search.

Change BitLocker encryption method from 128 to 256

BitLocker uses XTS-AES 128-bit by default. Here are the points to consider before choosing BitLocker AES 256:

  • The more rounds (mathematical operations) in the encryption process, the longer you will wait for the encryption to complete.
  • BitLocker has some impact on PC and system performance. Encryption with BitLocker AES 256 may put a heavier load on the PC and system, though most of the time the difference is hard to notice.

You can follow the steps below to convert from BitLocker AES 128 to BitLocker XTS-AES 256-bit via the BitLocker Group Policy:

Note: If BitLocker is already enabled, turn off BitLocker before changing the encryption cipher strength, because BitLocker AES 256 won't be applied directly to a drive that is already encrypted.

  1. Press the "Windows+R" keys to launch the "Run" dialog box.
  2. Type "gpedit.msc" in the box and hit the "Enter" key on your keyboard.
  3. Expand the folder by following the path: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.
  4. The right pane now shows a "Choose drive encryption method and cipher strength" item for each of several Windows versions. Choose the one that matches your system version and double-click it.
  5. Click "Enabled" and choose XTS-AES 256-bit for the relevant drive types: fixed data drives, operating system drives, or removable data drives.
  6. Click "Apply" and "OK."
  7. Re-encrypt the drive with BitLocker.
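
To confirm the result of the steps above, the following added example (not part of the original post) compares the cipher each volume is actually encrypted with against the Group Policy setting and flags volumes that still need to be decrypted and re-encrypted. It assumes an elevated PowerShell session with the BitLocker module, and that the policy is stored in the registry under HKLM\SOFTWARE\Policies\Microsoft\FVE in the EncryptionMethodWithXts* values; the drive letter D: is a placeholder.

```powershell
# Added example: audit BitLocker cipher strength after the Group Policy change.
# Run in an elevated PowerShell session (BitLocker module required).

# DWORD values stored by "Choose drive encryption method and cipher strength"
$methodByValue = @{ 3 = 'Aes128'; 4 = 'Aes256'; 6 = 'XtsAes128'; 7 = 'XtsAes256' }

# Assumption: the policy is stored under this key, one value per drive type.
# Removable drives use EncryptionMethodWithXtsRdv and are not told apart here.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$valueByVolumeType = @{
    OperatingSystem = 'EncryptionMethodWithXtsOs'
    Data            = 'EncryptionMethodWithXtsFdv'   # fixed data drives
}
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

$report = foreach ($vol in Get-BitLockerVolume) {
    $name = $valueByVolumeType[[string]$vol.VolumeType]
    $raw  = if ($policy -and $name) { $policy.$name } else { $null }
    $policyMethod = if ($null -ne $raw) { $methodByValue[[int]$raw] } else { 'NotConfigured' }

    [pscustomobject]@{
        MountPoint     = $vol.MountPoint
        VolumeStatus   = $vol.VolumeStatus
        CurrentMethod  = $vol.EncryptionMethod
        PolicyMethod   = $policyMethod
        # An encrypted volume keeps its old cipher until it is decrypted and
        # encrypted again, so flag anything encrypted with another method.
        NeedsReEncrypt = ([string]$vol.VolumeStatus -ne 'FullyDecrypted') -and
                         ([string]$vol.EncryptionMethod -ne 'XtsAes256')
    }
}
$report | Format-Table -AutoSize

# For a flagged data volume, the Note and step 7 correspond to:
#   Disable-BitLocker -MountPoint 'D:'   # wait until VolumeStatus is FullyDecrypted
#   Enable-BitLocker  -MountPoint 'D:' -EncryptionMethod XtsAes256 -RecoveryPasswordProtector
```

Save the recovery password that Enable-BitLocker generates before relying on the re-encrypted drive.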
