Threema Safe encrypts the backup data using the password you specify. To derive a cryptographic key from the password, the scrypt algorithm is used. This algorithm is memory- and computation-intensive in order to render brute-force attacks challenging. It is, of course, still important to choose a secure password. The compressed backup data is encrypted using the NaCl library, which applies the XSalsa20 and Poly1305 algorithms.
The backup’s file name is also derived from the user’s password. Therefore, the Threema Safe server cannot determine which backup belongs to which ID. Finding (and, of course, decrypting) the backup of a given ID is only possible if the
backup’s password is known.
Threema Safe is optional, and you can store backups either on the Threema server or on your own server.
For technical details, please refer to the Cryptography Whitepaper.
