Home Latest Posts Windows 10 Why is Bitlocker tedious on Windows 10 than Windows 7? Microsoft explains

Why is Bitlocker tedious on Windows 10 than Windows 7? Microsoft explains


Microsoft’s Windows 10 is not only about the aesthetics, live tiles, UWP apps and customization etc. With Windows 10, Microsoft has not only worked on productivity but security as well. But sometimes, you may think some programs have slowed down, mostly when you upgrade from Windows 7, and curse it for being sluggish and disengaging. Well, that is not the case with Bitlocker Encyrption.

If you have been using Bitlocker Encryption on Windows 10 after you upgraded, you may have noticed it being slower with its encryption speed, compared to Windows 7 machines. This is not a bug at all nor is it that you are running a less powerful hardware.

It is all because Microsoft has put up a new encryption algorithm XTS-AES in place of the old one. This new algorithm provides additional protection from a class of attacks on encryption that rely on manipulating cipher text to cause predictable changes in plain text.

To understand why Bitlocker takes longer to complete the encryption in Windows 10 as compared to Windows 7, we need to understand the points listed below.

  1. BitLocker in Windows 10 has been made to run less aggressive for its background conversion. This makes sure that you are not experiencing slow performance of the machine while the encryption is in progress.
  2. This is compensated by the fact that this new conversion model BitLocker now uses (on all client SKUs and any internal drives) ensures that any new writes are always encrypted regardless of where on the disk they land (which was not the case for the original BitLocker watermark-based conversion model).
  3. The new conversion mechanism, called Encrypt-On-Write, immediately guarantees the protection (encryption) of all writes to disk AS SOON AS BitLocker is enabled on the OS or fixed (internal) volumes.  Removable drives work in the older mode for backwards compatibility.
  4. The pre-Windows 10 conversion mechanism could only make such a claim AFTER the conversion reached 100%.
  5. If one thinks about it, #2 and 3 are very significant because:
    • Regardless of the version of Windows used, without Bitlocker enabled and the drive fully encrypted, you could not guarantee that data wasn’t already compromised or stolen.
    • Therefore, those serious about any such compliance claims would have to wait for the older BitLocker conversion process to reach 100% before placing any sensitive data on drive.  This means possibly waiting a long time if the drive is large.
    • With the new method, they could safely copy sensitive data as soon as BitLocker is enabled and the volume is in the encrypting state.
  6. Due to achieving compliance status for all writes immediately upon enabling BitLocker, the pressure of reaching 100% conversion status is less and converting all pre-existing data happens at a slower rate (further lessening the impact on interactive user).

Microsoft has also added several new feature enhancements to Bitlocker since Windows 7.  Some of these enhancements are:

  • New encryption algorithm XTS-AES. This is also FIPS-compliant, which is a set of United States Government standards that provide a benchmark for implementing cryptographic software.
  • Bitlocker can be administered through various means such as BitLocker Wizard, Manage-BDE, Group Policy, MDM policy, Windows PowerShell, or WMI to manage it on devices
  • Integration with Azure Active Directory for easier online Bitlocker key recovery.
  • DMA port protection using MDM policies to block the DMA ports and secure the device during its startup.
  • Bitlocker Network Unlock
  • Support for Encrypted Hard Drive for faster encryption time.
  • Support for classes of HDD/SSD hybrid disks (small SSD used as a non-volatile cache in front of slower spinning HDD, known as Intel RST technology).

To get these enhancements, the whole product has gone through a major design change to make sure that Bitlocker is more secure, the machine stays much more responsive during the encryption process and we provide the latest feature and manageability to the users.

Microsoft promises to make significant improvements in Windows 10 Bitlocker encryption time when the Windows 10 Creators Update is available in early 2017 but the encryption time will also depend on the hardware you are using as well as the workload on the machine.

You can learn more about Bitlocker Drive Encryption on this page


Exit mobile version