Base64 encoding on USB disk


Blinkiz
May 20th, 2006, 10:39
The password is stored on the USB device in base64 encoding. It's not any encryption, just encoding.

Let's say someone steals my USB memory, they just have to do a search on Google (http://www.google.com/search?hl=sv&q=base64+decoding&btnG=S%C3%B6k&meta=) and they will find tools to decode the password. Just open smartkey.dka with notepad and find the line with base64. You will get the computer's name, the username and the password. Totally insecure!

I would prefer Dekart Logon used PKI for this. One private key and one public. Much safer. Public key on the USB drive including the encrypted password. The private one on the computer.

Alex Railean
May 20th, 2006, 10:55
The above statement is valid only if the USB drive is not PIN-protected. Otherwise, the PIN is used to encrypt the data, which is why we insist that users always remember to assign a PIN to the key.

The PIN can contain digits and letters and it is not limited to 4 characters in length (like most people think).

Blinkiz
May 20th, 2006, 11:18
Aaa, I see.
If the pin code is used, the above that I wrote is not possible. Just so everyone knows...


What encryption are you using to encrypt the file with the pin code?

Alex Railean
May 20th, 2006, 15:45
> If the pin code is used, the above that I wrote is not possible. Just so everyone knows..

This detail is mentioned in our non-FAQ (http://www.dekart.com/support/faq/nfaq/); I will stick this thread to the top of the thread-list so that the discussion gains more visibility.


The applied encryption is AES 256, NIST certified.

Blinkiz
May 20th, 2006, 19:07
AES-256. Impressive!
I didn't know that. Really nice information.

Blinkiz
May 20th, 2006, 19:30
Let's say I am using a biometric identifier. The BIO ID is stored in smartkey.dka. Is it encrypted? Is it only encrypted if I also have a pin code? How does it work?

Alex Railean
June 5th, 2006, 16:26
The biometric identifier is encrypted as well (it's just a part of the smartkey.dka file, so it is encrypted along with all the other data contained within it).

If you use no PIN, then the BIO ID is not encrypted, but you still need to successfully go through the biometric authentication in order to get into the system.
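
The distinction this thread turns on, a value that is only base64-encoded versus one that is actually encrypted, can be checked mechanically when reviewing a credential file. The following is an added example, not part of the original thread and not Dekart's code; the field names, values and file layout are constructed and do not reflect the real smartkey.dka format.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to be a stored value rather than a short word.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def classify(token: str) -> str:
    """Return 'encoded-plaintext', 'opaque' or 'not-base64' for one candidate token."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    # Readable text is almost entirely printable ASCII; real ciphertext almost never is.
    printable = sum(32 <= b < 127 for b in raw) / len(raw)
    return "encoded-plaintext" if printable > 0.95 else "opaque"

def audit(text: str) -> list[tuple[int, str]]:
    """Report (line number, verdict) for every valid base64 value in the text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in B64_TOKEN.finditer(line):
            verdict = classify(match.group())
            if verdict != "not-base64":
                findings.append((lineno, verdict))
    return findings

# Constructed sample: made-up field names and values, not the real smartkey.dka layout.
SAMPLE = "\n".join([
    "Product=DekartLogonSettings",
    "Cred=" + base64.b64encode(b"WORKSTATION01;alice;Summer2006!").decode(),
    "Blob=" + base64.b64encode(bytes(range(0x80, 0xA0))).decode(),
])

if __name__ == "__main__":
    for lineno, verdict in audit(SAMPLE):
        print(f"line {lineno}: {verdict}")
```

An "opaque" verdict only shows that the decoded value is not readable text; it says nothing about the strength of the cipher or of the PIN protecting it.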