Where did CyberKey come from?CyberKey is the brainchild of Fred J. Federspiel, Ph.D. Fred serves as CEO of CyberKey Data Security. He may be contacted here.
Why is CyberKey better than XYZ's 2-factor authentication?CyberKey provides a reliable, easy way to take personal control of your valuable information. You don't have to trust any authenticator's security policies, or their employees, or the government agencies with influence over the authenticator.
Why is CyberKey better than storing data on a USB drive?CyberKey gives you better security by making it easy to use long random passcodes, and keep them separate from your encrypted data.
While some USB drives may appear to have great physical security, or fingerprint protection, or PIN protection, the bottom line is this: information in any drive can probably be uncovered by a determined thief - unless it's protected by proven encryption algorithms, secured by a long random passcode that is stored separately and is practically impossible to remember.
Does CyberKey collect or store any information about any of my keys?No.
Does CyberKey encrypt or interfere with information that's already on my hard drive?No. Using CyberKey, you create encrypted Data Vaults, which are stored on unused parts of your hard drive. Your first vault holds 10MB of encrypted information, and uses 10.3MB of space. You can move sensitive information into your Data Vault any time you've inserted your Personal Key, and typed your PIN. If you want to store more than 10MB, you insert your Master Key to launch the CyberKey Factory and create a new vault on some other unused part of your hard drive.
What if I forget my PIN?Insert your Master Key - The CyberKey Factory will automatically launch, allowing you to re-forge your Personal Key with a new PIN. If you had previously upgraded the Key to Premium, the upgrade stays with the Key, even if you need to reset the PIN.
How do I replace a Personal Key?Insert your Master Key - The CyberKey Factory will automatically launch, allowing you to create a new Personal Key.
How do I replace a Master Key?To replace a Master Key, you should make a new vault by launching the CyberKey Factory: Start -> All Programs -> CyberKey -> Launch CyberKey Factory. Choose "Create a New Vault", and use a new Master Key when prompted. Then choose "Modify Personal Key" to give your Personal Key access to this new vault. Finally, insert your Personal Key to open your vaults, and move your information into the new vault.
What if I lose both my Master Key and my Personal Key?If you lose all copies of your Keys, you are out of luck. There is no password recovery utility in existence that can recover your sensitive data.
To mitigate this risk, you can make as many copies of your Master Key as you'd like for free. You can also write down the 128 hex character master keyfile, and keep that in your safe along with your Master Keys. You can also keep a copy of your sensitive data off line, and store that in your safe.
What if I get a cloud storage account later? Can I move a vault?Yes. The vault file storing your encrypted data is named VaultName.dat, for example CyberKey1.dat. After you pull out your Personal Key, you can move any vault. Say you want to move a vault into Dropbox. Just drag it from it's original location (for example C:/Users/Joanne/CyberKeyVaults/CyberKey1.dat) into the new Dropbox location. Then, the next time you insert your Personal Key, CyberKey will ask where it can find that vault. Point CyberKey to the right directory once, and it will remember the location from then on.
Does CyberKey encrypt information on my USB drive?No.
What happens to information that is on my USB drive before I set up CyberKey?CyberKey does not format your USB drive, or erase any information you have on it. However, it becomes less convenient to access that information.
How do I access information that was previously on my USB drives?To access information stored on a Personal Key, insert it, then cancel out of the PIN-request screen. For a Master Key, just hit "exit" at the CyberKey Factory prompt. You can access your USB drive exactly as you did before installing CyberKey.
I saved my PIN, so I never see the "PIN-request screen?"To access the old information on your Personal Key, disable the CK_USB_Monitor in your computer's Task Scheduler. Go to your start menu, type "Task Scheduler" in the search box, select it, select Task Scheduler Library, then right-click on "CK_USB_Monitor" to disable CyberKey's auto-mount process. Reverse the process to enable CyberKey again.
Do I have to be connected to the internet to use CyberKey?No. After you download and setup, you can use CyberKey completely offline. You need to be online only to create new Personal Keys, or upgrade to a Premium Personal Key. (You also need to be online for cloud facilities like Dropbox to backup any vaults you may have stored in the cloud.)
When is it safe to pull out my Personal Key?CyberKey is finished accessing your Premium Personal Key as soon as you see the Windows Explorer screens appear for your vaults. For Free Keys, any time after you respond to the key upgrade offer, it's safe to remove the key.
What do I need to run CyberKey?To use CyberKey, you need a Windows 7 or Windows 8 computer with a USB slot. The Mac version of Cyberkey is looking promising in development.
You need 2 USB thumb drives. You can use any size drives - less than 5 MB is stored on the drives, and any information you might already have on the drives is left there. We recommend you not keep any sensitive data on a Personal Key, or any key you carry around with you.
CyberKey helps you get the most from your installation of TrueCrypt, the proven standard
for implementation of the AES-256, Twofish-256, and Serpent-256 encryption algorithms.
Server-side encryption can no longer be trusted. TrueCrypt delivers local, open-source, tested encryption capability.
Install TrueCrypt before you install CyberKey.
TrueCrypt is available free here.
Where should I store my Data Vault?You can store your encrypted data on any local drive or network drive that your computer can access. For many people, automated cloud synchronization makes the most sense, to get backup and disaster recovery, or to share access with trusted colleagues. For third-party cloud storage, we recommend Dropbox and Google Drive. Both are free, and when used with CyberKey, offer reliable, automated backup for your sensitive information.
Dropbox is available here.
Google Drive is available here.
Why does CyberKey recommend cloud storage?Good security starts with ensured access. You need to make absolutely certain you don’t lose your critical information when your computer is lost, stolen or broken. By default, CyberKey stores your encrypted data in a Cloud-Synchronized file. This gives you fully automatic backup and offsite recovery capabilities. If you use cloud services at DropBox or Google, CyberKey will offer to store your data there. CyberKey helps you get the best from cloud storage, without worrying about security breaches, rogue employees, or data seizures.
What are the main security risks?CyberKey offers strong protection against many security threats, but it is not an anti-virus tool. You have strong protection against data theft when your computer is stolen or accessed without your keys. When you use CyberKey to store sensitive data in the cloud, you have strong protection against loss of data, strong protection from thieves sniffing your network connections to the cloud, and strong protection against illicit access to your cloud storage. However, with or without CyberKey, a virus installed on your computer can gain access to any sensitive data you access. You must be vigilant against viruses.
CyberKey uses TrueCrypt to perform on-the-fly encryption of information you store in your Data Vault. Also, the CyberKey installer addresses a major loophole in Windows security by encrypting your pagefile. However, CyberKey does not protect your data in scenarios where information may be written by the operating system to the hibernation file. Also it cannot protect against detection of unencrypted information that stays in RAM for several seconds after a computer is powered down (Cold Boot Attack).
You should never hibernate with a Cyberkey key inserted. CyberKey recommends that you completely disable hibernation. To disable hibernation, open an administrative command prompt ( Start -> type "cmd" -> right click on cmd.exe -> choose Run as Administrator), then enter "powercfg -h off" in the window. Close the command window.
How does CyberKey generate random numbers?High quality cryptographically strong random numbers are critical for achieving good security in today's environment. CyberKey software running on your computer generates random numbers uses HMAC-DRBG, using the SHA2-512 Hash, seeded and updated using random numbers both from your PC, and the timing of your mouse clicks throughout the setup process. You can learn more here.
How do I know CyberKey doesn't have a backdoor?After download and licensing, you can run CyberKey with no network connectivity whatsoever. And during vault creation, you can edit your own master keyfiles, and verify that only your chosen 512-bit master keyfile will open a CyberKey vault. If you want to manually edit your keyfiles: Before using the CyberKey Factory to create a new vault, create a text file in your home directory called ".encryption.txt" and place the word "edit" anywhere in the first line of the file. When the CyberKey Factory runs, it will allow you to create your own keyfile. TrueCrypt experts can verify that the vault created cannot be opened without your specific keyfile by pointing TrueCrypt to the data vault, and to the keyfile that you customized. See the instructions in the TrueCrypt section of the FAQ.
Should I let CyberKey store my PIN for later use on my computer?You can tell CyberKey to store your PIN if you are sure you will not lose your Personal Key and your computer to the same thief, and you maintain the physical security of your Personal Key. (If a thief gets access to your Personal Key, he can copy it.)
How does CyberKey store my PIN when instructed to do so?Each time you create a Personal Key, your computer assigns it a unique 512-bit key. When inserted into your computer, this key unlocks a small TrueCrypt vault that is used to store your PIN if instructed.
Can I use CyberKey with a BioMetric Key to reduce the risks from Key duplication?Yes. After you successfully swipe your fingerprint, you may need to use Programs -> CyberKey -> Scan for Mounted Keys to get CyberKey to notice a biometric thumb drive.
How is my PIN verified?Your Personal Key stores a scrambled version of the Master Keyfile. When you enter a PIN, CyberKey calculates a 512-bit "trial descrambler" using the PBKDF2 (Password-Based Key Derivation Function) method, using a 512-bit salt stored on your Personal Key. That trial descrambler is XOR-ed with the scrambled key, and the result is a "trial Master Keyfile". CyberKey then points TrueCrypt at that trial Master Keyfile, to see if that Keyfile opens your Data Vault. If it does, the PIN is (obviously) verified. If it does not, it's the wrong PIN. There is no simpler way to verify a CyberKey PIN.
Why do people say "Passwords are Dead"?With the mass-production of cheap video-game processors and efficient Field-Programmable Gate Arrays (FPGAs), cyber security is changed forever. Several encryption algorithms remain unbroken by the academic community, but their security depends critically on passwords. And what we’d been taught about secure passwords is no longer valid: a handful of special characters can’t even stop a modest identity-theft ring. For about the cost of buying and powering a single-family house, thieves can now run a password-guessing array of video cards capable of running through a Terra-Password per Second (a TPS is 1,000,000,000,000 passwords hashed per second).
This sounds bad, but it gets even worse: Assuming government agencies across the globe are limited by power consumption, not acquisition costs, they will buy the more expensive FPGA technology. If FPGAs can be made 100x more efficient than video cards, governments will be able to run through about 10^18 passwords per second in each gigawatt data center they build – 1 Exa-Password per Gigawatt Second (or 1 EPGS).
If you can remember a password, thieves can probably figure it out.In this TPS / EPGS era, it might seem hopeless to secure your confidential information anywhere convenient. If you can remember a password, thieves can probably guess it. At the TPS rate, a password with 8 randomly chosen characters (including all the special characters on your keyboard) will be guessed within about (95^8 / 10^12) seconds, or about an hour, and a government’s gigawatt facility could have it in a snap. However, as you move to longer random passwords, they quickly become effectively un-guessable: 12 random characters will survive a single gigawatt attack for (95^12 / 10^18) seconds, or about a week, and 20 random characters would likely survive for trillions of years. CyberKey’s 512-bit random passcodes appear to be practically un-guessable with any technology currently envisioned.
Can I set the drive letter for my vaults?Yes. CyberKey automatically finds unused drive letters, and mounts vaults at the highest unused letters the first time it mounts the vault. From then on, it tries to mount vaults at the same letters it used in the past. You can override this by editing the file mountPoints.txt in the CyberKey folder in your application data folder (typically C:/Users/Mary/AppData/Roaming/CyberKeyScratch). For example, if you want to mount your vault CyberKey1 as the H: drive if H is unused, and the Q: drive is your second choice, put these two lines at the top of the file:
What if I get the Windows Scan and Fix screen?To eliminate this screen, click "Scan and fix", then click "Start" to automatically fix file system errors. You can then enter your PIN.
What encryption technology is used?
The ultimate freeware encryption program, TrueCrypt is loaded with powerful features...Outstanding.CyberKey helps you get the most from your installation of TrueCrypt – the standard for serious disk encryption. Even after the anonymous developers of TrueCrypt stopped contributing to the project, it remains the most tested open-source disk encryption system. And the TrueCrypt technology is now being supported by developers in Switzerland, so the technology can be updated for compatibility with future operating systems. CyberKey activates TrueCrypt’s time-tested implementation of 3 proven encryption algorithms: Serpent, Twofish, and AES, each sequentially cascaded with independent 256-bit keys in XTS mode. All three of these algorithms are currently thought to be secure by the encryption community, but if a fatal weakness is identified in any two of them, or if some government agency has secretly broken any two of these algorithms, your information is still secure.
Can I access my favorite settings in TrueCrypt?Yes. TrueCrypt experts can set their favorite encryption algorithm(s) and hash function. Before using the CyberKey Factory to create a new vault, create a text file in your home directory called ".encryption.txt" and place the names of the encryption algos you would like applied to your vaults. You may choose any or all of Serpent, Twofish, and AES. If this file is not present, or none of these are specified, CyberKey defaults to a cascade of all three encryption algorithms. On the same line, you may also specify the desired hash function. The first among SHA-512, Whirlpool, and RIPEMD-160 will be used. If not specified, the system will default to RIPEMD-160.
If I ever want to, can I access my CyberKey Data Vault using TrueCrypt, without using CyberKey software?Yes, using your Master Key. TrueCrypt users can launch TrueCrypt, choose a mount point, find their vault (Select File... to e.g. C:\Users\your_name\Dropbox\CyberKeyVaults\CyberKey1.dat click Open), select Mount, check "use keyfiles", click Keyfiles, select "add Files", find your master keyfile (e.g. select MasterKeyDrive:\CyberKey\Keys\Admin\CyberKey1.key, click Open), click "OK" to close the Keyfile screen, then click "OK" on the password screen.
Can I pay with Bitcoin?Yes.
How does the Bitcoin purchase work?Hit the copy button on the purchase page to copy our BitCoin address to your clipboard. Paste it into your Bitcoin program, and send us the Bitcoins. Within a few seconds of receiving multiple confirms, your payment will be recognized, and you can hit the "Buy Now" button to complete your purchase of a Premium Key license.
Do you offer anything special for securing Bitcoin wallets?Yes. During the setup process, CyberKey will look for Electrum and MultiBit installations. If either of those Bitcoin wallet programs are found, CyberKey will offer to copy the associated wallets into your new CyberKey Vault. If you accept this option, CyberKey will automatically launch your Bitcoin program every time you insert your Personal Key, allowing you to make payments using the secret keys while they are stored securely in a CyberKey Vault.
When you get comfortable using CyberKey, you can manually delete the original copy of your Bitcoin Wallet from its original location, so the only remaining copy in an online computer is stored in your triple-encrypted CyberKey Vault.
How do I get support?We look forward to helping you get the most out of CyberKey! Contact us at firstname.lastname@example.org