What is the default Encryption Algorithm used by BitLocker in Windows?

What is the default Encryption Algorithm used by BitLocker in Windows?

• AES
• RSA
• Blowfish
• Triple DES

 

EXPLANATION

 BitLocker uses Advanced Encryption Standard (AES) as its encryption algorithm with configurable key lengths of 128 or 256 bits. The default encryption setting is AES-128, but the options are configurable by using Group Policy.

The common wisdom is that AES 128 and AES 256 actually offer about the same security. It would take so long to brute-force 128-bit AES encryption that 256-bit AES encryption doesn’t really offer a meaningful amount of additional security. For example, if it would take a quadrillion years to brute-force 128-bit AES, does it really matter that it might take even longer to brute-force 256-bit AES? For all realistic purposes, they’re equally secure.

But it’s not quite all that simple. The NSA requires 128-bit keys for data marked SECRET, while it requires 256-bit keys for data marked TOP SECRET. The NSA clearly considers 256-bit AES encryption more secure. Does a secretive government agency tasked with breaking encryption know something we don’t know, or is this just a case of silly government bureaucracy?

We aren’t qualified to give the final word on this. Agile Bits has a great in-depth look at the subject in their blog post about why they moved the 1Password password manager from 128-bit AES to 256-bit AES. The NSA apparently considers 256-bit AES encryption protection against future quantum computing technologies that could break encryption much more quickly.