The default is `AES256-GCM`

encryption with `BLAKE2B-256-128`

hash which tends to be faster on modern 64-bit Intel/AMD CPUs, but this is very machine dependent: You can run the benchmark yourself using:

```
$ kopia benchmark crypto
```

On my 2020 Mac Laptop AES256-GCM wins over CHACHA20-POLY1305 by a lot:

```
Hash Encryption Throughput
-----------------------------------------------------------------
0. BLAKE3-256 AES256-GCM-HMAC-SHA256 1.9 GiB / second
1. BLAKE3-256-128 AES256-GCM-HMAC-SHA256 1.8 GiB / second
2. BLAKE3-256-128 CHACHA20-POLY1305-HMAC-SHA256 1.1 GiB / second
3. BLAKE3-256 CHACHA20-POLY1305-HMAC-SHA256 867.9 MiB / second
...
```

On my Apple Silicon (ARM) Mac Mini the results are different, AES256 wins hands down over CHACHA20-POLY1305, but BLAKE is slower and SHA hashes are much faster than on Intel:

```
0. HMAC-SHA256-128 AES256-GCM-HMAC-SHA256 1.6 GiB / second
1. HMAC-SHA256 AES256-GCM-HMAC-SHA256 1.6 GiB / second
2. HMAC-SHA224 AES256-GCM-HMAC-SHA256 1.6 GiB / second
3. BLAKE2B-256-128 AES256-GCM-HMAC-SHA256 776.6 MiB / second
4. BLAKE2B-256 AES256-GCM-HMAC-SHA256 684.2 MiB / second
5. HMAC-SHA256 CHACHA20-POLY1305-HMAC-SHA256 624 MiB / second
6. HMAC-SHA224 CHACHA20-POLY1305-HMAC-SHA256 622.7 MiB / second
7. HMAC-SHA256-128 CHACHA20-POLY1305-HMAC-SHA256 622.4 MiB / second
```

On Raspberry PI 4 (low-end ARM64) the story is completely different with CHACHA20 winning by a lot:

```
0. BLAKE2B-256-128 CHACHA20-POLY1305-HMAC-SHA256 73.1 MiB / second
1. BLAKE2B-256 CHACHA20-POLY1305-HMAC-SHA256 72.6 MiB / second
2. BLAKE3-256 CHACHA20-POLY1305-HMAC-SHA256 70.3 MiB / second
3. BLAKE3-256-128 CHACHA20-POLY1305-HMAC-SHA256 70.2 MiB / second
4. HMAC-SHA3-224 CHACHA20-POLY1305-HMAC-SHA256 57.7 MiB / second
5. HMAC-SHA3-256 CHACHA20-POLY1305-HMAC-SHA256 56.1 MiB / second
6. BLAKE2S-256 CHACHA20-POLY1305-HMAC-SHA256 53.5 MiB / second
7. BLAKE2S-128 CHACHA20-POLY1305-HMAC-SHA256 53.4 MiB / second
8. HMAC-SHA256-128 CHACHA20-POLY1305-HMAC-SHA256 30.2 MiB / second
9. HMAC-SHA256 CHACHA20-POLY1305-HMAC-SHA256 30.2 MiB / second
10. HMAC-SHA224 CHACHA20-POLY1305-HMAC-SHA256 30.2 MiB / second
11. BLAKE2B-256-128 AES256-GCM-HMAC-SHA256 19.3 MiB / second
12. BLAKE3-256 AES256-GCM-HMAC-SHA256 19.1 MiB / second
13. BLAKE3-256-128 AES256-GCM-HMAC-SHA256 19.1 MiB / second
14. BLAKE2B-256 AES256-GCM-HMAC-SHA256 19 MiB / second
15. HMAC-SHA3-224 AES256-GCM-HMAC-SHA256 18.1 MiB / second
16. HMAC-SHA3-256 AES256-GCM-HMAC-SHA256 17.9 MiB / second
17. BLAKE2S-256 AES256-GCM-HMAC-SHA256 17.6 MiB / second
18. BLAKE2S-128 AES256-GCM-HMAC-SHA256 17.6 MiB / second
19. HMAC-SHA256-128 AES256-GCM-HMAC-SHA256 14 MiB / second
20. HMAC-SHA224 AES256-GCM-HMAC-SHA256 14 MiB / second
21. HMAC-SHA256 AES256-GCM-HMAC-SHA256 14 MiB / second
```

On the same Raspberry PI hardware but in 32-bit mode (ARMHF) the results are different still:

```
0. BLAKE3-256 CHACHA20-POLY1305-HMAC-SHA256 25.6 MiB / second
1. BLAKE3-256-128 CHACHA20-POLY1305-HMAC-SHA256 25.5 MiB / second
2. BLAKE2S-256 CHACHA20-POLY1305-HMAC-SHA256 22.6 MiB / second
3. BLAKE2S-128 CHACHA20-POLY1305-HMAC-SHA256 22.5 MiB / second
4. BLAKE2B-256-128 CHACHA20-POLY1305-HMAC-SHA256 19.6 MiB / second
5. BLAKE2B-256 CHACHA20-POLY1305-HMAC-SHA256 19.5 MiB / second
6. HMAC-SHA256-128 CHACHA20-POLY1305-HMAC-SHA256 19.2 MiB / second
7. HMAC-SHA256 CHACHA20-POLY1305-HMAC-SHA256 19.2 MiB / second
8. HMAC-SHA224 CHACHA20-POLY1305-HMAC-SHA256 19.2 MiB / second
9. HMAC-SHA3-224 CHACHA20-POLY1305-HMAC-SHA256 17 MiB / second
10. HMAC-SHA3-256 CHACHA20-POLY1305-HMAC-SHA256 16.6 MiB / second
11. BLAKE3-256 AES256-GCM-HMAC-SHA256 14.6 MiB / second
12. BLAKE3-256-128 AES256-GCM-HMAC-SHA256 14.6 MiB / second
13. BLAKE2S-256 AES256-GCM-HMAC-SHA256 13.6 MiB / second
14. BLAKE2S-128 AES256-GCM-HMAC-SHA256 13.6 MiB / second
15. BLAKE2B-256 AES256-GCM-HMAC-SHA256 12.4 MiB / second
16. BLAKE2B-256-128 AES256-GCM-HMAC-SHA256 12.4 MiB / second
17. HMAC-SHA256-128 AES256-GCM-HMAC-SHA256 12.3 MiB / second
18. HMAC-SHA256 AES256-GCM-HMAC-SHA256 12.3 MiB / second
19. HMAC-SHA224 AES256-GCM-HMAC-SHA256 12.2 MiB / second
20. HMAC-SHA3-224 AES256-GCM-HMAC-SHA256 11.4 MiB / second
21. HMAC-SHA3-256 AES256-GCM-HMAC-SHA256 11.1 MiB / second
```