So keychain.json (with the the salt value and hashed passwords of vaults) is not sensitive, correct ?
As long as the vault password is long/strong/unique, a brute force attack would still remain required (even if much easier as salt is known).
Background: I am considering to use Backblaze, a backup provider forcing the user to upload the whole C: drive.
Hi.
yes
Watch out: personal opinion ahead!
There seem to be some users who use Backblaze, but from my point of view, cryptomator is not a suitable solution for that purpose.
Cryptomator desktop was designed to encrypt files and store them in a local vault, and the vault was designed to work best with synced online file storages like googledrive, dropbox, icloud, etc. (Means: file based, not only one container, “auto expandable”, etc).
Just because I have my “sensitive” files in a vault would not mean I reveal everything else to an online storage provider. For me this would mean that nothing on my system drive is sensitive to me outside the vault. Im pretty sure that’s not the case (think about browser histories, filename histories, caches, recycle bin, temp-folders, roaming and all the other useful things that helps us in windows 
).
If you trust backblaze and its build in encryption architecture so much that you want to store your complete system information there, then you don’t need to encrypt individual files in addition with cryptomator.