Encryption
All file data, names, metadata and directory structure are encrypted client side using encryption keys protected by your passphrase. Meaning only someone with the passphrase can restore/view your data.
See here for what additional metadata we store.
Data is protected using an authenticated cipher with 256-bit keys providing both data authenticity (integrity) and confidentiality.
if you loose your passphrase/key it's not possible to recover your data
Supported algorithms
We support either AES-GCM or ChaCha20-Poly1305 which can be selected when you create the repo.
Both algorithms are considered secure but you may have a personal preference for one.
Algorithm Performance
Below is a benchmark of the supported algorithms at varying block sizes on an AMD Ryzen 5800x which may influence your decision.
This CPU includes AES-NI which improves the AES speed considerably, without it you can expect to see around a 10x slowdown, making ChaCha20-Poly1305 faster.
AMD Zen and Intel desktop CPU's for the past decade include AES-NI
| Algo | Block size | Speed |
|---|---|---|
| AES-256/GCM AES-NI | 16 | 232.607k/s |
| AES-256/GCM AES-NI | 64 | 930.43k/s |
| AES-256/GCM AES-NI | 512 | 7.20168M/s |
| AES-256/GCM AES-NI | 4096 | 56.5659M/s |
| AES-256/GCM AES-NI | 32768 | 504.514M/s |
| AES-256/GCM AES-NI | 262144 | 2.24369G/s |
| AES-256/GCM AES-NI | 1048576 | 2.70556G/s |
| ChaCha20Poly1305 | 16 | 250k/s |
| ChaCha20Poly1305 | 64 | 1000k/s |
| ChaCha20Poly1305 | 512 | 7.8125M/s |
| ChaCha20Poly1305 | 4096 | 59.5238M/s |
| ChaCha20Poly1305 | 32768 | 357.143M/s |
| ChaCha20Poly1305 | 262144 | 1113.04M/s |
| ChaCha20Poly1305 | 1048576 | 1.19712G/s |