Windows 10: Why Bitlocker takes longer to complete the encryption in Windows 10


  1. Posts : 22,188
    64-bit Windows 10 Pro build 16241
       04 Jan 2017 #1

    Why Bitlocker takes longer to complete the encryption in Windows 10


    Hello, my name is Ritesh Sinha and I am a Support Escalation Engineer on the Windows team. Today’s blog will cover “Why Bitlocker takes longer to complete the encryption in Windows 10 as compared to Windows 7”.

    A brief summary of Bitlocker is: Bitlocker is a disk encryption system provided by Microsoft with the Windows operating system. Bitlocker uses a set of protectors (both hardware and software) to encrypt the data on the drive which makes sure that the data is accessible to only the authorized person, and only on the authorized machine.

    Recently, we heard from our customers that they are noticing a significant increase in time for the encryption to complete on Windows 10 machines compared to Windows 7 machines.
    To understand why Bitlocker takes longer to complete the encryption in Windows 10 as compared to Windows 7, we need to understand the points listed below.

    1. BitLocker in Windows 10 has been made to run less aggressively for its background conversion. This makes sure that you are not experiencing slow performance of the machine while the encryption is in progress.
    2. This is compensated by the fact that this new conversion model BitLocker now uses (on all client SKUs and any internal drives) ensures that any new writes are always encrypted regardless of where on the disk they land (which was not the case for the original BitLocker watermark-based conversion model).
    3. The new conversion mechanism, called Encrypt-On-Write, immediately guarantees the protection (encryption) of all writes to disk AS SOON AS BitLocker is enabled on the OS or fixed (internal) volumes. Removable drives work in the older mode for backwards compatibility.
    4. The pre-Windows 10 conversion mechanism could only make such a claim AFTER the conversion reached 100%.
    5. If one thinks about it, #2 and 3 are very significant because:
      • Regardless of the version of Windows used, without Bitlocker enabled and the drive fully encrypted, you could not guarantee that data wasn’t already compromised or stolen.
      • Therefore, those serious about any such compliance claims would have to wait for the older BitLocker conversion process to reach 100% before placing any sensitive data on drive. This means possibly waiting a long time if the drive is large.
      • With the new method, they could safely copy sensitive data as soon as BitLocker is enabled and the volume is in the encrypting state.

    6. Due to achieving compliance status for all writes immediately upon enabling BitLocker, the pressure of reaching 100% conversion status is less and converting all pre-existing data happens at a slower rate (further lessening the impact on the interactive user).

    Apart from this reason, there are several new feature enhancements which have been made to Bitlocker since Windows 7. Some of these enhancements are:

    • New encryption algorithm XTS-AES. The new algorithm provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text.

    • This is also FIPS-compliant, which is a set of United States Government standards that provide a benchmark for implementing cryptographic software.
    • Bitlocker can be administered through various means such as BitLocker Wizard, Manage-BDE, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices
    • Integration with Azure Active Directory for easier online Bitlocker key recovery.
    • DMA port protection using MDM policies to block the DMA ports and secure the device during its startup.
    • Bitlocker Network Unlock
    • Support for Encrypted Hard Drive for faster encryption time.
    • Support for classes of HDD/SSD hybrid disks (small SSD used as a non-volatile cache in front of slower spinning HDD, known as Intel RST technology).

    To get these enhancements, the whole product has gone through a major design change to make sure that Bitlocker is more secure, the machine stays much more responsive during the encryption process and we provide the latest feature and manageability to the users.

    Because Windows 10 and Windows Server 2016 share the same kernel base, these changes are applicable to Windows Server 2016 as well.

    You may notice significant improvement in Windows 10 Bitlocker encryption time after installing the Windows 10 Creators Update which is expected to release in 2017 but encryption time is also dependent on the hardware you are using as well as the workload on the machine.

    I hope this article will help everyone understand that Bitlocker is better than before even though it may seem like it is slower when encrypting existing data on a hard drive.

    Ritesh Sinha
    Support Escalation Engineer
    Microsoft Enterprise Platforms Support


    Source: Why Bitlocker takes longer to complete the encryption in Windows 10 as compared to Windows 7 | Ask the Core Team
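
The difference between the watermark-based conversion and Encrypt-On-Write described in the post above, as an added example that is not part of the original post and is not Microsoft's code. It is a simplified model: the sector count, the conversion rates, the upward-sweeping background pass, and the names `Volume`, `simulate` and `WRITES` are all assumptions made for illustration.

```python
# Simplified model of the two conversion schemes (constructed, not BitLocker code).
class Volume:
    def __init__(self, sectors, rate, encrypt_on_write):
        self.sectors, self.rate = sectors, rate   # rate: sectors converted per tick
        self.encrypt_on_write = encrypt_on_write
        self.encrypted = [False] * sectors        # pre-existing data starts as plaintext
        self.watermark = 0                        # assumed: background pass sweeps upward

    def write(self, sector):
        """Store a new write; return True if it lands on disk encrypted."""
        self.encrypted[sector] = self.encrypt_on_write or sector < self.watermark
        return self.encrypted[sector]

    def tick(self):
        """Background conversion of the next `rate` sectors."""
        end = min(self.watermark + self.rate, self.sectors)
        self.encrypted[self.watermark:end] = [True] * (end - self.watermark)
        self.watermark = end


def simulate(vol, writes):
    """writes: (tick, sector) pairs of sensitive writes made during conversion."""
    pending, plaintext_writes, exposure, tick = {}, 0, 0, 0
    while vol.watermark < vol.sectors:
        for t, sector in writes:
            if t == tick and not vol.write(sector):
                plaintext_writes += 1
                pending.setdefault(sector, tick)
        vol.tick()
        tick += 1
        for sector in [s for s in pending if vol.encrypted[s]]:
            exposure += tick - pending.pop(sector)   # ticks spent in plaintext
    return {"ticks_to_100": tick, "plaintext_writes": plaintext_writes,
            "exposure_ticks": exposure}


# Constructed workload: four sensitive writes while conversion is running.
WRITES = [(0, 95), (1, 5), (2, 60), (3, 20)]

if __name__ == "__main__":
    # Assumed rates: the watermark model converts faster than Encrypt-On-Write.
    print("watermark       ", simulate(Volume(100, 10, False), WRITES))
    print("encrypt-on-write", simulate(Volume(100, 4, True), WRITES))
```

In this model the watermark volume reaches 100% sooner but leaves two of the four writes in plaintext until the background pass reaches them, while the Encrypt-On-Write volume takes longer to finish and never stores a new write unencrypted.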




  2. Posts : 2,114
    W10 Pro + W10 Preview
       04 Jan 2017 #2

    Something that's always puzzled me......how can AV suites check Bitlocker encrypted drives?