Enable BitLocker AES-XTX 256 encryption algorithm

The latest version of Windows 10 (1511) has introduced a new encryption algorithm AES-XTX. This version of AES is specific to encrypt hard drives. By default, Windows 10 1511 uses AES-XTX 128 to encrypt your hard drives. If you want to protect sensitive data, you may prefer using AES-XTX 256 algorithm. Let's see how to enable this algorithm.

  1. Open the Local Group Policy Editor
  2. Select Computer Configuration / Administrative Templates / Windows Components / BitLocker Drive Encryption
  3. Double-click on Choose drive encryption method and cipher strengh (Windows 10 [Version 1511] and later)
  4. Select Enabled and choose the encryption algorithm you want
  5. Open Windows Explorer, right-click on a drive, and select Turn On BitLocker

You can check the encryption algorithm using the following command (as administrator):

manage-bde -status

Leave a reply