
Dekart Secure Identity Storage Smart card protection, encryption and convenient password management in one small pocketable gadget

#1
April 5th, 2007, 04:41
pepe
Posts: n/a
smart container details..

Hi,


We are currently investigating solutions like the Dekart Smart Container.

I would like to ask if the Dekart Password Carrier saves its data to the smartcard or to the flash memory. If it runs in the flash memory, is it protected by the smartcard? It probably is, via the data-safe?

Preferred solution would be to run the applications from ROM and store the user credentials in the smartcard. This would make it possible to simply unplug the USB stick without unmounting the filesystem first. It would also make it more difficult to read out the credentials-container in mobile usage scenarios.
Reply With Quote
#2
April 5th, 2007, 10:05
Alex Railean
Technical Support
Join Date: Jan 2005
Location: Moldova, Dekart headquarters
Posts: 1,346
Re: smart container details..

Password Carrier was initially designed to store its data on a USB flash drive, in an encrypted form (AES-256 is used).

We also have added the functionality to store the collected passwords on a smart card, but it is unlikely to become a popular approach, due to the fact that smart cards have a limited storage capacity.

Usernames, passwords and web-site addresses will quickly consume all the space offered by the smart card, while a USB flash drive (being much cheaper) offers a lot more storage.

Smart cards are indeed more secure, but the data are encrypted when USB drives are used, so in the long run USB flash drives are very secure, and a lot cheaper.

Password Carrier can also be used in a scenario such as the one you described - the program itself resides on the hard disk, while the credentials are stored on an external drive.


But note one thing - Password Carrier's mobility is at its best when the program itself and the user data are on a USB drive. This requires no admin rights, there is no need to install drivers for the card reader, etc.

In other words, Password Carrier's initial design is the optimal choice for a wide range of possible usage scenarios.
Reply With Quote
#3
April 5th, 2007, 10:22
Unregistered
Posts: n/a
Re: smart container details..

> Password Carrier can also be used in a scenario such as the one you
> described - the program itself resides on the hard disk, while the
> credentials are stored on an external drive.

This should of course work. And of course it's more flexible to copy the program onto the USB memory.

But I've seen you have a "protected area" on the USB-Token. And there is also the 32 or 64K memory in the smartcard, which can be used to store the credentials (64k is pretty much when it comes to plaintext).

Question was: Is it possible to start the program from USB-*ROM* (protected memory) and access the smartcard-memory?

Benefits:
- No filesystem corruption when device is unplugged by users.
- Bruteforce onto Masterpassword not possible as the smartcard allows only N decryption-attempts.
Reply With Quote
#4
April 5th, 2007, 10:46
Alex Railean
Technical Support
Join Date: Jan 2005
Location: Moldova, Dekart headquarters
Posts: 1,346
Re: smart container details..

> Question was: Is it possible to start the program from USB-*ROM*(protected memory) and access the smartcard-memory?

It is technically possible, the program was modified to make that option available. However, we did not test it in real-world scenarios, due to the limited availability of smart cards that are able to cover Password Carrier's storage needs.


The benefits you have enumerated are correct, but here are some additional facts:
  • The program was tested in various stress conditions, including forced removal, power offs, etc. It is able to handle such cases gracefully (there is always a "last known good backup" on the USB drive itself, plus the program reminds you at regular time intervals to make a backup on another storage device).
  • Smart cards are indeed perfect against brute-force attacks, but having the data encrypted with AES-256 with a relatively strong password will be "less than perfect but more than "good enough""; in other words - your privacy is well guarded even if you don't use smart cards.

Our goal is to provide a cost effective solution that offers reasonable security. Your suggestions make the set up more expensive, without adding a significant change to the level of security (at the same time there is a side-effect, mobility suffers because smart cards need smart card readers, and drivers).
__________________
Meet the people behind the "Dekart" logo.
Reply With Quote
#5
April 12th, 2007, 07:14
pepe
Posts: n/a
Re: smart container details..

Thank you for your reply.


I did not realise the "protected memory" is on the smartcard, I thought it may be as with U3 USB Sticks, which also register themselves as CDROM. This would be enough to counter FS corruptions (journaling FS is good, but one can do better).

We are indeed searching for PIN-protected storage of credentials, as user passwords tend to be less than 70 bits, not to mention 128/256.

I was hoping the credential manager or at least the data-safe uses the PIN protection.

We will probably test your products in more detail, anyway.

Thanks,
pepe
Reply With Quote
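
The trade-off debated in posts #3 to #5, as an added example that is not part of the original thread and not Dekart's code: a card-style retry counter limits an attacker to N guesses, while a password-encrypted container on flash can be guessed offline, so its strength is the password's entropy rather than the 256-bit key size. The class and function names, the PBKDF2 parameters, the 3-try limit and the 1e9 operations per second rate are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os


class PinGatedStore:
    """Toy model of a card: releases the secret only for the right PIN and
    blocks itself after max_tries consecutive wrong guesses."""

    def __init__(self, pin: str, secret: bytes, max_tries: int = 3):
        self._salt = os.urandom(16)
        self._pin_hash = self._digest(pin)
        self._secret = secret
        self.max_tries = max_tries
        self.tries_left = max_tries

    def _digest(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 1000)

    def unlock(self, pin: str):
        if self.tries_left == 0:
            raise PermissionError("card blocked")
        self.tries_left -= 1  # spend the attempt before comparing
        if hmac.compare_digest(self._digest(pin), self._pin_hash):
            self.tries_left = self.max_tries  # success resets the counter
            return self._secret
        return None


def online_guess_probability(pin_digits: int, max_tries: int) -> float:
    """Chance of hitting a uniformly random numeric PIN before the card blocks."""
    return min(1.0, max_tries / 10 ** pin_digits)


def effective_bits(password_bits: float, kdf_iterations: int, key_bits: int = 256) -> float:
    """log2 of the offline work to search a password-derived key: the cipher's
    key size is only an upper bound, the password entropy sets the real cost."""
    return min(key_bits, password_bits + math.log2(kdf_iterations))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("4-digit PIN, 3 tries:", online_guess_probability(4, 3))
    for bits in (40, 70):  # constructed password strengths
        eff = effective_bits(bits, 100_000)  # assumed iteration count
        print(bits, "bit password ->", round(eff, 1), "bits,",
              f"{years_to_exhaust(eff, 1e9):.3g} years at an assumed 1e9 ops/s")
```
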
#6
November 17th, 2007, 18:04
Marc Lobelle
Posts: n/a
Re: smart container details..

> Originally Posted by Alex Railean:
> Password Carrier was initially designed to store its data on a USB flash drive, in an encrypted form (AES-256 is used).
>
> We also have added the functionality to store the collected passwords on a smart card, but it is unlikely to become a popular approach, due to the fact that smart cards have a limited storage capacity.
>
> Usernames, passwords and web-site addresses will quickly consume all the space offered by the smart card, while a USB flash drive (being much cheaper) offers a lot more storage.
>
> Smart cards are indeed more secure, but the data are encrypted when USB drives are used, so in the long run USB flash drives are very secure, and a lot cheaper.
>
> Password Carrier can also be used in a scenario such as the one you described - the program itself resides on the hard disk, while the credentials are stored on an external drive.
>
> But note one thing - Password Carrier's mobility is at its best when the program itself and the user data are on a USB drive. This requires no admin rights, there is no need to install drivers for the card reader, etc.
>
> In other words, Password Carrier's initial design is the optimal choice for a wide range of possible usage scenarios.

Hello,

Is this device only usable with Windows or is it also usable with Linux, Solaris, Mac OS, etc.?

Thanks

Marc
Reply With Quote
#7
November 18th, 2007, 11:36
Alex Railean
Technical Support
Join Date: Jan 2005
Location: Moldova, Dekart headquarters
Posts: 1,346
Re: smart container details..

Marc, it is a Windows-only application.
Reply With Quote

All times are GMT +2.