During the process of turning on BitLocker, the BitLocker Setup wizard prompts to choose how much of your drive to encrypt. What is the difference between encrypting entire drive and used disk space only, and which one should I choose?
In fact, encrypting used disk space only appears in the context of full disk encryption taking too long. Next, I will explain how they differ in terms of security, encryption duration, applicable scenarios, and post-encryption usage. Let’s explore these differences.
For used disk space only, BitLocker only encrypts the portion that contains data, leaving the unused space unencrypted. In this case, despite the used space being encrypted, there may still be some sectors containing unencrypted data that were deleted previously. These data can potentially be recovered until they are overwritten by new data.
When encrypting the entire drive, the full drive space will be encrypted, whether it is used or not. Therefore, even data that was deleted previously on this drive will be protected with BitLocker encryption.
You can find more information on this official page.
Encrypting used disk space only is faster than encrypting the entire drive, especially when only a small portion of the drive is used. This discrepancy in speed is expected due to the difference in encryption sizes.
As mentioned by the BitLocker Setup wizard, if you want to encrypt a new drive, selecting to encrypt used disk space only is a better choice. It takes less time, and there's no difference in security compared to full encryption.
If you want to enable BitLocker for a used drive, encrypting the entire drive is a more secure choice. Although this mode will take longer, it can protect your data stored on the drive more securely.
No matter which encryption method is used, the way to access data is the same.
Transparency: Aside from needing to enter the correct credentials to unlock the encrypted drive, the process of accessing data is no different from accessing a normal drive. In terms of user perception, it feels like nothing has changed.
Performance: The impact on performance is minimal. You can learn more details from "Does BitLocker encryption impact computer performance?".
In summary, as the BitLocker Setup wizard shows, if you encrypt a new drive, encrypting used disk space only is a better option. For encrypting a used drive, encrypting the entire drive will be more secure.
Consider your requirements and choose the encryption method that best suits your needs.
If your computer doesn't support BitLocker, you can use iSunshare BitLocker Genius for Windows to enable BitLocker functionality.
Your concern is justified. Though BitLocker drive encryption is safe and is seemed as highly secure safeguarding utility for data protection, it’s essential to set up a robust and unhackable BitLocker encryption password.
Don't worry too much, it’s normal to take so long when you choose "Encrypt Entire Drive".
In words, file is very safe in hibernation mode while not so secure in sleep mode, and BitLocker on your system does not significantly impact hibernation and sleep modes.
What happens if the computer shuts down during encryption or decryption with BitLocker Drive Encryption? This post provides the answer.