USB token
JACOBLM
May 4th, 2006, 17:36
Where do I buy USB Tokens for Dekart Log In and how do I secure the key so it is unreadable?
Thanks
Jacob
brucet
May 4th, 2006, 20:53
Google for either of the following:
eToken Pro USB by Aladdin
or
Lexar JumpDrive Secure
See the Dekart Logon Manual for more details.
brucet
brucet
May 4th, 2006, 22:21
Forgot to mention the following:
If you are planning to use Lexar JumpDrive Secure, expand the following (note that Javascript must be enabled in your browser):
Why can't I use my Lexar Jumpdrive Secure as an authentication key?
at this link, the Dekart Logon FAQs:
http://www.dekart.com/support/faq/windows_user_authentication/
You will need to download and run a *.reg script. I was unable to download with my web browser and had to use a download manager.
Alex Railean
May 5th, 2006, 00:09
brucet, thank you for providing the answers, I will add some extra details.
There is a list of supported devices (http://www.dekart.com/products/supported_devices/), which enumerates the tokens and smart cards we've tested the software with. Jacob, in case Aladdin (also known as eToken) is not available in your area, you should try to find alternatives from that list.
USB tokens are more secure than USB flash drives (like Lexar JumpDrive), because they have (among many other things) a PIN lock mechanism, a copy-protection mechanism - neither of these is offered by a usual USB flash drive. If the flash drive is lost or stolen, the PIN is your only protection (the attacker will be able to make copies of the drive, even though it is useless without the PIN).
In contrast, a smart card or a token cannot be copied; while an incorrectly entered PIN [3 times in a row*] will block the card, making brute-forcing literally impossible.
You might also want to take a look at Dekart SIM Card Reader (you can see the picture on the left, when you visit dekart.com). It is a small card reader that uses SIM-sized smart cards, so it has the size of a token, being much smaller than usual card readers. The advantage of this device (when compared with a usual USB token, not a USB flash drive) is that you can replace cards, while a token is literally an embedded smart card.
And finally, if you want to cut costs, you can use a gadget you already have, such as an mp3 player, or a digital camera; as long as Windows detects it as a USB Mass Storage Device, you can use it as a key.
* varies from card to card, some allow 10 invalid PINs
JACOBLM
May 5th, 2006, 00:22
Is this the token I need?
http://www.esecuritytogo.com/ProductInfo.aspx?productid=ETPRO32K02260
Thanks for any help
Alex Railean
May 5th, 2006, 00:37
Yes, this one is supported.
brucet
May 9th, 2006, 14:48
Alex,
What happens if one loses a smart card or a token? How does one go about logging back on?
Also, can you explain difference in behavior, if any, between a regular jump drive and a secure jump drive with Dekart Logon?
Thanks,
brucet
Alex Railean
May 9th, 2006, 16:32
Losing a smart card / token can be painful if you haven't previously made a backup. There is a utility called Key Manager (http://www.dekart.com/products/card_management/key_manager/); it allows you to create a key backup and store it on various media. This way you can make a copy of a smart card on a token, or make a copy of a token on a USB flash disk, etc. The backup can also be a simple file (but of course, an encrypted one) on the hard disk; it can later be transferred to a CD or floppy, turning that media into a key.
If you haven't made a copy, you can get access to your data by:
- taking the hard disk out and connecting it to a different PC
- re-installing Windows
There is another way, discussed in our non-FAQ (http://www.dekart.com/support/faq/nfaq/): log on via Safe Mode by typing your usual username and password. You can 'close' this escape exit in two ways:
- using the program's built-in strong password generator (the password is not shown to the user, but stored directly on the key); so when somebody tries to log on via safe mode, they will not know which password to use
- safe mode can be disabled (but that will make usual PC troubleshooting very difficult or impossible). The non-FAQ explains how to do that
"Also, can you explain difference in behavior, if any, between a regular jump drive and a secure jump drive with Dekart Logon?"
Assuming that:
- "regular jump drive" = USB flash disk
- "secure jump drive" = token (such as Aladdin eToken PRO, mentioned by Jacob)
I'll call both these devices keys.
Imagine that the key was found by a person who wouldn't mind getting access to your system.
The token and the USB flash disk can be PIN-protected (we insist you do that, so you get two authentication factors instead of one).
If the attacker gets physical access to your computer, they can unlock it with the key, but only if they enter the correct PIN.
If an invalid PIN is inserted three times in a row, the token is permanently blocked, so the key becomes useless. Hence brute-forcing is not possible.
The USB flash drive, on the other hand, cannot be permanently locked (it uses a different kind of technology), so the attacker will be able to try an infinite number of PINs, hoping that one of them will be valid. In other words, brute-forcing a PIN on a USB flash disk is possible, while tokens and smart cards do not have this drawback.
I must emphasize that the PIN can contain letters, digits and special characters, and it can be more than 4 characters long. In other words, your PIN should be a real password, and not something similar to the PIN of a bank card or a SIM card. This will guarantee that even if brute-forcing is theoretically possible, it will take a lot of time (see this guide about password recovery and AES-256 brute forcing (http://www.dekart.com/support/howto/Howto-recover-lost-password/)).
Another important detail is that one cannot make a copy of the token without knowing its PIN, while USB flash disks can be copied without barriers. Somebody can make a copy of it (so that you don't notice the disappearance of the key) and attempt to find the PIN while you are not at home or out of the office.
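The contrast drawn in the post above, as an added example that is not part of the original thread and is not Dekart's code: a token-style retry counter stops guessing after three misses, while a copied key file can be tested without limit. The `Token` class, the salt-plus-verifier key file layout and the PIN `0427` are constructed assumptions for illustration only.

```python
import hashlib, hmac, itertools, os, string

class Token:
    """Constructed model of a token/smart card: the PIN check runs on the
    device and a retry counter blocks it after max_tries consecutive misses."""
    def __init__(self, pin, max_tries=3):
        self._pin, self._max, self._left = pin, max_tries, max_tries

    @property
    def blocked(self):
        return self._left == 0

    def verify(self, guess):
        if self.blocked:
            return False                      # blocked: even the right PIN is refused
        if hmac.compare_digest(guess.encode(), self._pin.encode()):
            self._left = self._max            # a correct PIN resets the counter
            return True
        self._left -= 1
        return False

def make_flash_key(pin, iterations=1000):
    """Hypothetical flash-disk key file: salt + PIN-derived verifier.
    Nothing in a plain file can count attempts, and it can be copied freely.
    The iteration count is kept low so the demo runs quickly."""
    salt = os.urandom(16)
    return salt, iterations, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)

def check_flash_key(blob, guess):
    salt, iterations, verifier = blob
    candidate = hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, iterations)
    return hmac.compare_digest(candidate, verifier)

def guesses_until_stop(check, candidates, is_dead=lambda: False):
    """Feed candidates to check(); return (found_pin_or_None, attempts_made)."""
    n = 0
    for n, pin in enumerate(candidates, 1):
        if check(pin):
            return pin, n
        if is_dead():                         # device refuses any further tries
            break
    return None, n

def four_digit_pins():
    return ("".join(d) for d in itertools.product(string.digits, repeat=4))

def keyspace(alphabet_size, length):
    """Number of possible PINs for a given alphabet size and length."""
    return alphabet_size ** length
```

With a bank-card-style PIN the copied file falls within `keyspace(10, 4)` = 10,000 tries, which is why the post asks for a PIN that is a real password when the key lives on a flash disk.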
brucet
May 9th, 2006, 16:57
Alex,
The above discussion was very helpful.
Here's what I was trying to get to wrt Dekart Logon behavior/security:
Assuming that:
"regular jump drive" = USB flash disk (e.g., Lexar JumpDrive)
"secure jump drive" = "secure" USB flash disk (e.g., Lexar JumpDrive Secure)
Regards,
brucet
Alex Railean
May 9th, 2006, 21:17
I've read the specs of the device, the site says that Lexar JumpDrive Secure is pre-loaded with encryption software. In other words, it is bundled with an application, but in this context, it acts as a 'usual' Lexar Jumpdrive.
You can turn any USB flash drive into a secure one, if you take a look at this guide: http://www.dekart.com/support/howto/encrypt-flash-drive-cd-dvd/
The idea is that you can take advantage of Private Disk's mobility, allowing it to run directly off a removable disk. In that case, the same flash disk can be used as a key for your Windows computer, and as an encrypted storage device. Other Dekart applications (such as Password Carrier (http://www.dekart.com/products/access_control/password_manager/) or The Cryptographic Provider (http://www.dekart.com/products/secure_emailweb/dekart_rsa_cryptographic_provider/)) can use the same flash disk too, thus you can turn any flash disk into a fully functional identity management solution.
JACOBLM
May 31st, 2006, 13:31
What can I do to unlock an Etoken Pro that has been locked by too many wrong passwords?
Jacob
Alex Railean
May 31st, 2006, 15:08
You can do that with Key Manager (http://www.dekart.com/products/card_management/key_manager/).
You'll have to enter the correct PIN; if you fail to do that when unlocking the key, it will be permanently locked.
emmet
August 24th, 2006, 19:47
[quote=Alex Railean;2123]I've read the specs of the device, the site says that Lexar JumpDrive Secure is pre-loaded with encryption software.[/quote]
I thought I'd mention that I have an acquaintance who does computer forensics. With the tools available to any IT department, you can break JumpDrive's "SafeGuard" encryption quickly. I gave him one to test with a 9 character password, using letters, numbers and special characters, and he broke it immediately. One reason I came looking for better security... ;-)
alaricd
December 1st, 2006, 17:29
This is why the Lexar secure drive isn't! http://www.schneier.com/blog/archives/2004/10/the_doghouse_le.html