By default Microsoft Bitlocker is set to use AES128 Bit encryption with a diffuser. It is possible to simply configure this to use the stronger AES256 Bit encryption.

To do this type 'gpedit.msc' into a Run box.

Under 'Computer Configuration', 'Administrative Templates', 'Windows Components' select 'Bitlocker Drive Encryption'

Double click the option 'Choose drive encryption and cipher strength'

You can now choose your cipher strength either AES128 or AES256 with or without a diffuser.


Select the cipher you desire and click 'Ok'

Microsofts advice re the diffuser and which cipher to choose is as follows:

'BitLocker supports a Diffuser algorithm to help protect against ciphertext manipulation attacks, a class of attacks in which changes are made to the encrypted data in an attempt to discover patterns or weaknesses. By default, BitLocker uses AES encryption with 128-bit encryption keys and Diffuser. You can also select encryption without Diffuser by using Group Policy if your organization is Federal Information Processing Standard (FIPS) compliant.

It is recommended that most organizations use AES 128-bit with Diffuser. For organizations that are required to use 256-bit encryption, the AES 256-bit with Diffuser option can be enabled by using Group Policy.'