Bitlocker Encryption Method - Performance
hello, i have got two new USB-harddisks with 640 GB and with 1 TB and i want to use bitlocker drive encryption with both. is there a significant performance difference between: AES-128 Bit, AES-128 Bit with Diffuser, AES-256 and AES-256 with Diffuser? what option should i use from those? thanks eva
July 13th, 2010 2:24am

Hi eva, "BitLocker supports two levels of cipher strength for BitLocker: 128-bit and 256-bit. Both use the Advanced Encryption Standard (AES) to perform encryption. Longer encryption keys provide an enhanced level of security and are less likely to be successfully attacked by the use of brute-force methods. However, longer keys can cause slower encryption and decryption of data. On some computers, using longer keys might result in noticeable performance degradation. You can use Group Policy to change the length of the encryption key used by BitLocker. In addition, BitLocker supports a Diffuser algorithm to help protect against ciphertext manipulation attacks, a class of attacks in which changes are made to the encrypted data in an attempt to discover patterns or weaknesses. By default, BitLocker uses AES encryption with 128-bit encryption keys and Diffuser. You can also select encryption without Diffuser by using Group Policy if your organization is Federal Information Processing Standard (FIPS) compliant. It is recommended that most organizations use AES 128-bit with Diffuser. For organizations that are required to use 256-bit encryption, the AES 256-bit with Diffuser option can be enabled by using Group Policy." For more information, please refer to: How Strong Do You Want the BitLocker Protection? Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2010 10:03am

Hi, I've got a work laptop that is using Bitlocker to encrypt the hard drive using the default setting of AES 128-bit. The level of encryption needs to be increased to AES 256-bit. Do I need to decrypt the hard drive before I change the encryption to AES 256-bit? Or will Bitlocker automatically re-encrypt the hard disk to AES 256-bit after I have made the configuration change? Thanks
March 13th, 2012 8:54pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics