Knowledge Base

Bitte , um Beiträge und Themen zu erstellen.

Change BitLocker Encryption Method and Cipher Strength in Registry

mpachmann
#1 · 17. Januar 2024, 10:59

https://winaero.com/change-bitlocker-encryption-method-and-cipher-strength-in-windows-10/

  1. Open Registry Editor.
  2. Go to the following Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE.
    See how to jump to the desired Registry key with one click. If you do not have such a key, then just create it.
  3. To specify BitLocker Drive Encryption Method and Cipher Strength for fixed data drives, create a new 32-bit DWORD value EncryptionMethodWithXtsFdvNote: Even if you are running 64-bit Windows, you still need to use a 32-bit DWORD as the value type.Windows 10 Change BitLocker Encryption In Registry
  4. Set it to one of the following values:
    • 3 = AES-CBC 128-bit
    • 4 = AES-CBC 256-bit
    • 6 = XTS-AES 128-bit (this is the default option in Windows 10)
    • 7 = XTS-AES 256-bit
  5. For operating system drives, create a new 32-bit DWORD value EncryptionMethodWithXtsOs.
  6. Set it to one of the following values:
    • 3 = AES-CBC 128-bit
    • 4 = AES-CBC 256-bit
    • 6 = XTS-AES 128-bit (this is the default option in Windows 10)
    • 7 = XTS-AES 256-bit
  7. For removable data drives, create a new 32-bit DWORD value EncryptionMethodWithXtsRdv.
  8. Set it to one of the following values:
    • 3 = AES-CBC 128-bit
    • 4 = AES-CBC 256-bit
    • 6 = XTS-AES 128-bit (this is the default option in Windows 10)
    • 7 = XTS-AES 256-bit
  9. To make the changes done by the Registry tweak take effect, you need to sign out and sign in again to your user account.

Later, you can delete the EncryptionMethodWithXtsRdvEncryptionMethodWithXtsOs, and EncryptionMethodWithXtsFdv values to restore the default encryption method for all drive types.

x