Superbacked standard and distributed backups are encrypted using Blockcrypt, an open source encryption scheme based on AES-256-GCM that provides plausible deniability (watch episode).
Superbacked distributed backups are encrypted using sss, one of the most secure implementations of Shamir Secret Sharing, developed by Amber Sprenkels (a post-quantum cryptography PhD), before being encrypted (again) using Blockcrypt.
Blockcrypt encryption keys are derived using Argon2, a brute-force-resistant password-hashing function that won the 2015 Password Hashing Competition.
Fun fact: it would theoretically take 10,539,639 years to brute-force a Superbacked-generated 5-word passphrase using a MacBook Air with an M1 chip (we’re not kidding around).
Superbacked releases are PGP-signed by Sun and cryptographically signed and notarized (scanned for malware) by Apple.
Superbacked is an Electron app; therefore, even though its source code is packaged, it can be easily extracted and audited (watch episode).
When using Superbacked for personal use only, building the app from source code is allowed under the end-user license agreement.
If you believe you have found a security vulnerability, we encourage you to let us know immediately using the email found here.