DiskCryptor 2.0 is the largest update to the project in many years and marks a major milestone in its development. This release introduces substantial improvements across virtually every part of the software, including modern cryptography, hardware-backed security, storage management, performance, reliability, and usability. As these changes affect core components throughout the project, Version 2.0.0 is being released initially as a pre-release to gather broad real-world testing and feedback before the next stable release.
A major addition is support for the Argon2id key derivation function, providing a modern, memory-hard alternative to the traditional KDFs for significantly improved resistance against password cracking attacks.
DiskCryptor now also supports optional TPM integration in the DCS bootloader, enabling hardware-backed protection and unattended system unlock configurations. Combined with optional Secure Boot support, this allows systems to take advantage of modern platform security features while maintaining DiskCryptor's flexible boot architecture. TPM and Secure Boot functionality require a DiskCryptor Pro Supporter Certificate, available from the [Xanasoft web shop]( https://xanasoft.com/shop/).
The DCS bootloader itself has received extensive improvements. A new pre-boot configuration menu allows changing selected settings directly from the password prompt without booting into Windows. USB keyfiles are now supported, making removable authentication media much easier to use, and touchscreen devices benefit from proper on-screen keyboard support. To simplify boot management, DiskCryptor can now be installed onto its own dedicated EFI System Partition instead of modifying the Windows EFI partition.
One of the most significant architectural changes is the introduction of the new Version 2 volume header format. The new variable-sized header supports independent key slots, allowing multiple passwords and keyfiles to unlock the same volume without sharing key material. A new header editor makes managing these headers straightforward, while an additional volume layout editor allows resizing headers, adding or removing backup headers, and modifying relocation areas after a volume has already been created.
Volume protection has also been enhanced through optional backup headers stored at the end of the partition, providing additional resilience against header corruption.
Performance has received several important improvements. Encryption and decryption can now skip unused sectors, significantly reducing processing time on SSDs and sparsely populated volumes. At the same time, the previous SSD chunking optimization has been removed, as testing has shown that it reduces performance on modern solid-state drives rather than improving it.
The internal volume transcription engine has been completely rearchitected into an asynchronous design. Besides improving responsiveness, this eliminates deadlocks that could occur on low-memory systems and resolves race conditions encountered while re-encrypting volumes.
Boot performance has also improved through a new "mount at boot" shortcut. The EFI bootloader now passes the derived header keys directly to the Windows driver, eliminating an unnecessary second key derivation during startup and noticeably reducing boot times when mounting encrypted system volumes.
Safety has been further strengthened with the addition of optional RAW volume protection. When enabled, DiskCryptor prevents writing to or formatting volumes that do not contain a recognized file system, helping protect encrypted or otherwise unknown storage from accidental modification or destruction. A new mechanism has also been added to automatically force encrypted volumes to dismount before the system enters hibernation.
Several usability improvements have been introduced throughout the application. A new status bar provides additional operational feedback, password caching can now be controlled directly from the menu, secure desktop password entry offers improved protection against desktop-level attacks, and virtual keyfiles simplify transferring high-entropy authentication material from password managers without requiring physical keyfiles.
The graphical interface has also been refined with a reorganized main menu and numerous workflow improvements, making both everyday operation and advanced volume management more intuitive. Dedicated TPM management functionality has been integrated into the GUI, making it easier to configure and maintain hardware-backed authentication.
Numerous reliability improvements and bug fixes are included as well. These include corrected sector calculations in the minifilter driver when resizing volumes on native 4 KB sector disks, fixes for drive list corruption while scrolling horizontally, improved handling of relocation areas, and many smaller fixes throughout the codebase that improve stability under demanding workloads.
With Version 2.0, DiskCryptor takes a significant step forward, combining modern cryptography, flexible key management, hardware-backed security, and a substantially enhanced storage architecture while preserving the lightweight design, flexibility, and compatibility that have always distinguished the project. As this release introduces extensive architectural changes across nearly every component, it is being published as a pre-release to gather broader testing and feedback before the next stable release.
Download: https://github.com/DiskCryptor/DiskCryptor/releases/tag/v2.0.0