- What is Threema Safe and how do I enable it?
- Which data does a Threema Safe backup contain?
- How often does Threema Safe create a backup, and how long will it be preserved?
- What makes Threema Safe secure?
- How do I restore a Threema Safe backup?
- How do I store my Threema Safe backup on my own server?
- How can I change or reset the password of my Threema Safe backup?
What makes Threema Safe secure?
Threema Safe encrypts the backup data using the password you specify. To derive a cryptographic key from the password, the scrypt algorithm is used. This algorithm is memory- and computation-intensive in order to render brute force attacks challenging. It is, of course, still important to choose a secure password. The compressed backup data is encrypted using the NaCl library, which applies the XSalsa20 and Poly1305 algorithms.
The backup’s file name is also derived from the user’s password. Therefore, the Threema Safe server cannot determine which backup belongs to which ID. Finding (and, of course, decrypting) the backup of a given ID is only possible if the backup’s password is known.
Threema Safe is optional, and you can store backups either on the Threema server or on your own server.
For technical details, please refer to the Cryptography Whitepaper.