New BitLocker Encryption Settings in version 1511?


  1. Posts : 812
    Win10
       #1


    Hi,

    I have Win 10 Pro and I set the Encryption method in Group Policy as being XTS-AES 256 instead of the default XTS-AES 128. Is XTS-AES 256 more secure than XTS-AES 128?
    https://technet.microsoft.com/en-us/...(v=vs.85).aspx


  2. Posts : 68,963
    64-bit Windows 11 Pro for Workstations
       #2

    Hello win10freak, :)

    XTS-AES 256 uses 256-bit encryption vs 128-bit encryption with XTS-AES 128. 256 is more secure.

    https://www.tenforums.com/tutorials/3...dows-10-a.html


  3. Posts : 812
    Win10
    Thread Starter
       #3

    Hello Brink,

    Yes, I had read your posting on that. And we thank you very much for posting that.

    My question being, is XTS-AES 256 more secure than XTS-AES 128?

    And what Encryption Method do you use when using BitLocker on OS drives?


  4. Posts : 68,963
    64-bit Windows 11 Pro for Workstations
       #4

    XTS-AES 256 uses 256-bit encryption vs 128-bit encryption with XTS-AES 128. 256 is more secure.

    I use XTS-AES 256 whenever I encrypt with BitLocker.


  5. Posts : 487
       #5

    As Brink said, AES-256 is stronger than AES-128.

    I think the idea of AES-256 being weaker than AES-128 stemmed from an article Bruce Schneier once published regarding a NIST paper. The main part being AES-128 attacks would require 2^128 time to break it, whereas the paper was showing attacks against AES-256 requiring only 2^119 time to break it, hence the alarm. However the article itself also said that the attacks were non-practical, and also they weren't based on full 14-round AES-256, but crippled 9, 10 and 11 round AES-256. In short, it was a theoretical non-practical paper exploring ideas rather than attacking real world AES-256 encrypted data. So despite the speculation, AES-256 is stronger than AES-128.

    The obvious question then is why use AES-128 when you can use the stronger AES-256. The advantage to using AES-128 is mainly for performance reasons (although any performance differences won't be noticeable to the user). When data is read and written to disk it's encrypted/decrypted on the fly and therefore AES-128 is faster and takes less processing power than AES-256. However, nowadays most CPUs have AES-NI instructions built into the CPU specifically to make encrypting/decrypting as fast and efficient as possible. On top of that AES-XTS increases performance even further compared to AES-CBC.

    The reason for AES-256, on the other hand, is not that AES-128 is insecure, because that is not the case; AES-128 is unbreakable now and for the foreseeable future. However, the NSA for example recommended that all 'Top Secret' data was encrypted with AES-256 for future proofing reasons. Data isn't just classified for this year, but for many years to come, and in many years to come that could include protecting the data against quantum computing or other technological advancements. From an OS maker's point of view though, as AES-128 is secure enough that AES-256 isn't required, there's been little point making AES-256 the default setting.


  6. Posts : 812
    Win10
    Thread Starter
       #6

    I was wondering as to why MS or other OS makers use AES 128 by default.
    You answered my question. And thanks!

    And to meet FIPS 140-2 compliance, need to use AES 256 as well.


  7. Posts : 68,963
    64-bit Windows 11 Pro for Workstations
       #7

    AES 256 could have more of an impact on performance if the PC is not very powerful, but I agree it should be the default instead.


  8. Posts : 812
    Win10
    Thread Starter
       #8

    Yes, why not go for more security if there is a choice for it.
    The noticeable slowdown of my system is during the encryption process, but after that, no performance issues.
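
Added example, not part of the original thread: a PowerShell check that compares the encryption method set through Group Policy (as in post #1) with the method each BitLocker volume is actually using, since the policy only takes effect when BitLocker is turned on and does not re-encrypt an existing volume. It assumes an elevated prompt and the registry value names written by the "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)" policy.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether each BitLocker volume uses the cipher that
# the version 1511+ Group Policy setting asks for.

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Policy DWORD value -> name reported in Get-BitLockerVolume's EncryptionMethod
$methodNames = @{ 3 = 'Aes128'; 4 = 'Aes256'; 6 = 'XtsAes128'; 7 = 'XtsAes256' }

# Registry value the policy writes for each drive class
$policyValue = @{
    OperatingSystem = 'EncryptionMethodWithXtsOs'
    Fixed           = 'EncryptionMethodWithXtsFdv'
    Removable       = 'EncryptionMethodWithXtsRdv'
}

# $null when no BitLocker policy has been configured on this machine
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

$report = foreach ($vol in Get-BitLockerVolume) {
    # Classify the volume the way the policy does: OS, fixed data, removable data
    $class = 'Fixed'
    if ($vol.VolumeType -eq 'OperatingSystem') {
        $class = 'OperatingSystem'
    } elseif ((Get-Volume -DriveLetter $vol.MountPoint[0] -ErrorAction SilentlyContinue).DriveType -eq 'Removable') {
        $class = 'Removable'
    }

    # Look up what the policy requests for this class, if anything
    $raw      = $policy.($policyValue[$class])
    $expected = if ($null -ne $raw) { $methodNames[[int]$raw] } else { $null }
    $actual   = "$($vol.EncryptionMethod)"

    $status = 'MISMATCH (policy does not re-encrypt existing volumes)'
    if (-not $expected)            { $status = 'policy not configured or unrecognised' }
    elseif ($actual -eq 'None')    { $status = 'not encrypted' }
    elseif ($actual -eq $expected) { $status = 'matches policy' }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        DriveClass = $class
        Policy     = $expected
        Actual     = $actual
        Status     = $status
    }
}

$report | Format-Table -AutoSize
```

A volume reported as a mismatch has to be decrypted and encrypted again with BitLocker before it picks up the policy's method.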


 
