The 256-bit variant of the Advanced Encryption Standard, the modern default cipher
AES-256 is the 256-bit-key variant of the Advanced Encryption Standard, a symmetric block cipher standardised by NIST in FIPS 197 and used almost everywhere modern software encrypts data.
“Symmetric” means the same key encrypts and decrypts. “Block cipher” means it works on fixed 128-bit blocks; to encrypt a whole file you wrap AES in a mode of operation. The mode that matters for modern storage is GCM (Galois/Counter Mode) — it encrypts and authenticates at the same time, so any tampering with the ciphertext is detectable on decrypt. AES-256-GCM is what you want to see in a 2026 backup product; older modes like CBC without a separate MAC are a red flag.
The 256-bit key size is cryptographic overkill by any current measure — a correctly keyed AES-256 is considered secure against both classical and foreseeable quantum attacks, and is approved for U.S. government TOP SECRET data. The real attack surface is never the cipher; it’s how the key is derived, stored, and protected.
In macup, every chunk of your backup — a 12 MB RAW from a Fuji shoot, a one-line text file, a 400 GB Premiere project cache — is encrypted with AES-256 in GCM mode before it leaves your Mac. The per-repository key is derived from your passphrase, never shipped to us.