Many Windows users may have experienced lagging BitLocker performance after upgrading to Windows 10 from Windows 7. That’s because Microsoft added a new conversion method called the Encrypt-On-Write mechanism to its latest desktop operating system, explained Windows support escalation engineer Ritesh Sinha.
For starters, Bitlocker is a native disk encryption program on Windows that protects your data from third-party access. The program experienced major changes when Windows 10 launched, chief of which is Encrypt-On-Write. This conversion mechanism works to encrypt all writes made to the disk once you enable Bitlocker on your system. Encrypt-On-Write does not apply to removable drives, however.
Encrypt-On-Write slows down BitLocker on Windows 10
So why does Encrypt-On-Write slow down Bitlocker on Windows 10? Sinha offers the following explanation:
BitLocker in Windows 10 has been made to run less aggressively while converting in background. This makes sure that don’t experience slow performance of the machine while the encryption is in progress.
This is compensated by the fact that this new conversion model BitLocker now uses (on all client SKUs and any internal drives) ensures that any new writes are always encrypted regardless of where on the disk they land (which was not the case for the original BitLocker watermark-based conversion model).
The new conversion mechanism, called Encrypt-On-Write, immediately guarantees the encryption of all writes to the disk as soon as BitLocker is enabled on the OS or internal volumes. Removable drives work in the older mode for backwards compatibility.
The pre-Windows 10 conversion mechanism could only make such a claim after the conversion reached 100%.
If one thinks about it, #2 and 3 are very significant because:
- Regardless of the version of Windows used, without Bitlocker enabled and the drive fully encrypted, you could not guarantee that data wasn’t already compromised or stolen.
- Therefore, those serious about any such compliance claims would have to wait for the older BitLocker conversion process to reach 100% before placing any sensitive data on drive. This means possibly waiting a long time if the drive is large.
- With the new method, they could safely copy sensitive data as soon as BitLocker is enabled and the volume is in the encrypting state.
Due to achieving compliance status for all writes immediately upon enabling BitLocker, the pressure of reaching 100% conversion status is less and converting all pre-existing data happens at a slower rate (further lessening the impact on interactive user).
Microsoft, nonetheless, vows significant improvement in Windows 10 Bitlocker encryption time once the Creators Update rolls out in April this year. However, encryption time will still depend on your hardware and machine workload.
RELATED STORIES YOU NEED TO CHECK OUT:
- How to Enable BitLocker on Windows 10 Without TPM
- Windows 10 Anniversay Update brings TPM 2.0 support for all Windows 10 devices
- Windows 10 Gets the New XTS-AES Bitlocker Encryption