Bitlocker Security Questions

The default key length for BitLocker is AES 128-bit. However, BitLocker also supports AES 256-bit, which can be configured for enhanced security if needed.

The choice between AES 128-bit and AES 256-bit depends on your security requirements—AES 128-bit is highly secure and generally faster, while AES 256-bit provides an even greater level of protection but with slightly reduced performance.

TraderGary said:

I know how much you love jumping up and down about your "43 seconds", but that one has also been patched.

Click to expand...

I know how much you love jumping up and down about your "BitLocker uses 256-bit AES encryption", but as far as all the people who had bought one of those hackable modern Windows 11 laptops are concerned, that one wasn't making a shred of difference until many months after this thread had been created. Like I said, if I have to wait for more than 3 whole years before it will finally be "safe", then thanks but no thanks, it is what it is, better luck next time, apologies for the inconvenience of me not buying into that fad, and, have a nice day!

hdmi said:

I know how much you love jumping up and down about your "BitLocker uses 256-bit AES encryption", but as far as all the people who had bought one of those hackable modern Windows 11 laptops are concerned, that one wasn't making a shred of difference until many months after this thread had been created. Like I said, if I have to wait for more than 3 whole years before it will finally be "safe", then thanks but no thanks, it is what it is, better luck next time, apologies for the inconvenience of me not buying into that fad, and, have a nice day!

Click to expand...

You apparently didn't read my previous post where I stated that the BitLocker default is AES 128-Bit encryption. The user can decide if he wants to use 256-Bit encryption. It's user configurable.

You really do need to understand that there is no such thing as an app or an OS that's 100% guaranteed safe and un-hackable. Your delight in finding vulnerabilities simply demonstrates that fact. If your goal is to find an invulnerable system, you'll only be disappointed.

The bottom line is that if you and I are going to use computers, we must always be vigilant and do the best we can to be as safe as possible.

I really do enjoy reading your posts and I wish the very best to you too!

TraderGary said:

You apparently didn't read my previous post where I stated that the BitLocker default is AES 128-Bit encryption. The user can decide if he wants to use 256-Bit encryption. It's user configurable.

Click to expand...

I did read your post. But I didn't have to read it to know that 128-bit AES is the default option, as I have already known it for years.

TraderGary said:

You really do need to understand that there is no such thing as an app or an OS that's 100% guaranteed safe and un-hackable.

Click to expand...

What makes you think that I don't already understand this fact? Most of what I do for a living is about data security. The stakeholders of every project I work on as an Enterprise Java developer include some of the largest corporations in the world.

TraderGary said:

Your delight in finding vulnerabilities simply demonstrates that fact.

Click to expand...

Finding vulnerabilities is actually a major part of my job description, albeit not when it comes to the Windows OS and features thereof. To me, personally, everything that relates to Windows is just a hobby. Each time when I poop Enterprise Java Beans, I can't hold a press conference about it all day and all of the night, as I also have to think about protecting my sanity so that's why.

TraderGary said:

If your goal is to find an invulnerable system, you'll only be disappointed.

Click to expand...

It isn't, and, it never will be. For the most part, I come here to have some fun. I am a Sagittarius, and, according to the Greek Zodiac calendar, a Chiron aka "The Wounded Healer". I think I understand one or two things about vulnerability.

TraderGary said:

The bottom line is that if you and I are going to use computers, we must always be vigilant and do the best we can to be as safe as possible.

Click to expand...

My brain comes at it from different directions. I tend to agree with Joymalya Basu Roy on this:
"Security is a subjective matter. If I talk about myself as an admin, what I consider secure, the end-user may feel the same for restrictive, hampering his daily work. As such, a balance needs to be struck between security and usability."
Source: Windows Measured Boot - How It Helps To Secure Windows OS Platform HTMD Blog

TraderGary said:

I really do enjoy reading your posts and I wish the very best to you too!

Click to expand...

TraderGary said:

The default key length for BitLocker is AES 128-bit. However, BitLocker also supports AES 256-bit, which can be configured for enhanced security if needed.

The choice between AES 128-bit and AES 256-bit depends on your security requirements—AES 128-bit is highly secure and generally faster, while AES 256-bit provides an even greater level of protection but with slightly reduced performance.

Click to expand...

TraderGary, how did you download your graphics cards drivers and update it? You mentioned you used a dell program to do this and not windows updates? Can you take a look at my thread on dell xps 15 9520 graphics card driver? I recently updated my graphic card drivers for Intel iris and Nvidia 3050 from the Dell website.

newmann said:

TraderGary, how did you download your graphics cards drivers and update it? You mentioned you used a dell program to do this and not windows updates? Can you take a look at my thread on dell xps 15 9520 graphics card driver? I recently updated my graphic card drivers for Intel iris and Nvidia 3050 from the Dell website.

Click to expand...

In the past 25 years I've had 7 Dell XPS laptops. I've never had problems with any of them and I've always used only Dell updates. In my experience the Dell engineers know what they're doing.

I start every day by first running Dell Command | Update followed by running Windows Update. I also run Dell Support Assist about once a week. I attribute never having driver problems to downloading drivers only from Dell.

Thanks TraderGary. What do you mean Dell Command | Update?

Are those the same programs or 2 separate programs? When I type in search bar Dell Update, that app shows up and opens up on my laptop. I then click on check and then it would show whatever critical updates is available. Is that what you mean? However, why does it show at bottom support for Dell Update expired already? Does it mean if you need like customer support for helping you with Dell Update? The phrasing sounds confusing because it sound like you can't even use Dell Update based on that line. Unless they mean like customer support? It says to install support assist to keep your system updated and performing its best. Do you have that message?

I heard SupportAssist isn't that good?

newmann said:

Thanks TraderGary. What do you mean Dell Command | Update?

Are those the same programs or 2 separate programs? When I type in search bar Dell Update, that app shows up and opens up on my laptop. I then click on check and then it would show whatever critical updates is available. Is that what you mean? However, why does it show at bottom support for Dell Update expired already? Does it mean if you need like customer support for helping you with Dell Update? The phrasing sounds confusing because it sound like you can't even use Dell Update based on that line. Unless they mean like customer support? It says to install support assist to keep your system updated and performing its best. Do you have that message?

I heard SupportAssist isn't that good?

Click to expand...

Dell Update and Dell Command | Update are two very different Dell utilities. The latter is more advanced and the one I prefer to use. I also frequently use Dell SupportAssist. You're free to listen to whomever you like.

Gary, I do something similar. In my case, I am using a Lenovo laptop so I use their software as a sanity check to make sure I'm up to date, but I prefer to download the drivers from the Lenovo web site manually just to make sure that I have a local copy of all drivers.

Then I take it one step further. I export all the drivers from my system to a folder and make a backup of that. This then becomes my primary source of drivers in case I ever need to do a clean install because the drivers can be restored so rapidly. But, I still have all the manually downloaded drivers as well "just in case" I have any problem with drivers I exported and then re-imported on the new Windows install.

Also, any time I get a new machine I spend at least a week testing and making sure that I can easily get a clean install on the system and documenting every step. This way I can guarantee rapid clean installs on all my machines. I can go from bare metal to a fully customized installation with all drivers and apps in way under one hour, maybe as little as 30 minutes. Base Windows and drivers are probably under 15 minutes.

TraderGary said:

Dell Update and Dell Command | Update are two very different Dell utilities. The latter is more advanced and the one I prefer to use. I also frequently use Dell SupportAssist. You're free to listen to whomever you like.

Click to expand...

How did you get that Dell Command Update program? Did you manually download it yourself? Dell Update was already installed on my laptop not by me. But there is no Dell Command Update program.

newmann said:

How did you get that Dell Command Update program? Did you manually download it yourself? Dell Update was already installed on my laptop not by me. But there is no Dell Command Update program.

Click to expand...

I downloaded Dell Command | Update here: