Standard and distributed backups are encrypted using Blockcrypt, an open-source encryption scheme based on AES-256-GCM that provides plausible deniability (watch episode).
Distributed backups are encrypted using sss, one of the most secure implementations of Shamir Secret Sharing, developed by Amber Sprenkels (a post-quantum computing PhD student in the Netherlands), before being encrypted (again) using Blockcrypt.
Blockcrypt encryption keys are derived using Argon2, a brute-force-resistant password-hashing function that won the 2015 Password Hashing Competition.
Fun fact: it would theoretically take 10,539,639 years to brute-force a Superbacked-generated 5-word passphrase using a MacBook Air with an M1 chip (we’re not kidding around).
Releases are PGP-signed by Sun and cryptographically signed and notarized (scanned for malware) by Apple (Superbacked isn’t a bootleg operation).
Superbacked is an Electron app; therefore, even though its source code is proprietary, it can be audited (watch episode).
If you find a security vulnerability, please get in touch.