System: Windows 7 Enterprise When we use BitLocker to encrypt a new NTFS partition with 100% free space, it still takes a while to have an initial process. In my case of 512MB partition, it took about 2 mins. I assume that the process is doing the encryption in advance even there is no data. So after unlocking the encrypted partition, we can read/write files to it with minor performance impact. However, I found that if I expand the 512MB partition to 1GB by using Disk Management, it was done immediately. It seems like BitLocker has done nothing to the expanded area when I expected that may took another 2 mins to complete the encryption on free space. Therefore, I wonder if my data is still encrypted on the area of 512MB~1GB?? Let's assume that the "initial process" is just meant for faster I/O for later uses and BitLocker still encrypts/decrypts all the time. So will BitLocker get slower on 512MB~1GB than 0MB~512MB?? Otherwise, it can be a big security hole for BitLocker. As if I wanted to make the BitLocker initial process faster, I can just create a small partition (e.g. 1GB) and enable the BitLocker. After a short initialization, I just go back to Disk Mangement and expand the partition to something like 100GB. It should be completed immediately so I would never wait for a long time on enabling BitLocker on large partitions. Please correct me if anything wrong! Thanks for the time!!

BitLocker technology is a full disk encryption where we encrypt each and every sector on the disk. We write crypto stuff on each sector. A Volume formatted with NTFS file system will contain data and free space. OR It has only free space. So overall time taken to encrypt free space is little faster than data. So when you extend your volume that portion of sectors are free and does not have data, so it appears to you encryption is faster. Now answer to your questions. It seems like BitLocker has done nothing to the expanded area when I expected that may took another 2 mins to complete the encryption on free space. Therefore, I wonder if my data is still encrypted on the area of 512MB~1GB?? > Your drive is still encrypted with BitLocker. (0-1024 MB) Otherwise, it can be a big security hole for BitLocker. As if I wanted to make the BitLocker initial process faster, I can just create a small partition (e.g. 1GB) and enable the BitLocker. After a short initialization, I just go back to Disk Mangement and expand the partition to something like 100GB. It should be completed immediately so I would never wait for a long time on enabling BitLocker on large partitions. > Your understanding is not correct in this case. The time taken to encrypt a volume depends on other factors like Disk I/O Read/Write, Disk Speed (rpm), CPU and memory on a machine. http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx#BKMK_EntireDisk Does BitLocker encrypt and decrypt the entire drive all at once when reading and writing data? No, BitLocker does not encrypt and decrypt the entire drive when reading and writing data. The encrypted sectors in the BitLocker-protected drive are decrypted only as they are requested from system read operations. Blocks that are written to the drive are encrypted before the system writes them to the physical disk. No unencrypted data is ever stored on a BitLocker-protected drive. Is there a noticeable performance impact when BitLocker is enabled on a Windows 7–based computer? Generally it imposes a single-digit percentage performance overhead. Approximately how long will initial encryption take when BitLocker is turned on? BitLocker encryption occurs in the background while you continue to work, and the system remains usable, but encryption times vary depending on the type of drive that is being encrypted, the size of the drive, and the speed of the drive. If you are encrypting very large drives, you may want to set encryption to occur during times when you will not be using the drive. Manoj Sehgal