Atmel AVR Microcontroller
128x32 pixel Transreflective LCD with LED backlight
Rechargeable Lithium-Polymer Battery. Holds power for more than 14 hours of continuous use. The battery starts charging immediately when the device is connected via USB.
Number of password entries
Crypto algorithms used
NIST approved AES-128, NIST approved CTR_DRBG, CBC-MAC, AES in counter mode and AES in CBC mode
USB keyboard layouts
English (US), Swedish, German, Norwegian, Danish, Swiss (German), Swiss (French), Mac English (US), Mac Swedish, Mac pro Swedish, Mac German, Mac Norwegian, Mac Danish, Mac Swiss (German), Mac Swiss (French), English (UK), Mac English (UK), French, Mac French
The microcontroller contains two flash memories: one storage flash memory that holds encrypted data, and a protected external memory chip that holds its internal crypto keys.
The stored content on Seclave, including passwords, labels, usernames and optional fields, is encrypted with AES-128 using a high entropy random key.
Encryption and decryption are carried out internally on the microcontroller of Seclave.
This protected memory chip is designed to prevent unauthorized extraction of its content, including protection against physical attacks.
The user unlocks the protected flash memory with two passcode words, which are validated by the memory. If four incorrect attempts are made, the content is permanently erased.
The internal entropy is managed using the NIST approved pseudo random generator CTR_DRBG, which uses AES-128 as the mixing function.
The random generator is seeded with entropy from several physical sources, including a highly random seed based on timing events triggered by user interaction, and sensors measuring physical properties with natural noise.
The backup archives are encrypted with AES-128 in counter mode and authenticated using a CBC-MAC with a 128-bit high entropy random key. This makes the backup archive safe to expose to anybody, as long as the backup key is kept safe.
The backups are seeded and fully filled, so it is impossible to determine how many passwords are contained in a backup.
It is also impossible to tell whether anything, or how much of the backed-up data, has changed between two backups without breaking the encryption.
The USB stack is written with security as a top priority, as it acts as a security boundary between the Seclave domain, which contains all passwords, and the computer it is attached to, which is only authorized to receive a subset of the stored passwords.
This is achieved by only implementing a bare minimum of what is needed to drive a HID keyboard and a USB mass storage device and at the same time treating all data that is received from the computer as potentially being invalid and dangerous.
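The "treat all host data as invalid" rule above, applied to one host-supplied structure, as an added example (not Seclave's firmware): a strict parser for the 31-byte Command Block Wrapper that a host sends to a USB mass storage device. It assumes the standard Bulk-Only Transport and a single LUN; all type, function and constant names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CBW_LEN        31u          /* a Command Block Wrapper is exactly 31 bytes */
#define CBW_SIGNATURE  0x43425355ul /* "USBC", little-endian on the wire */
#define MAX_LUN        0u           /* assumption: the device exposes a single LUN */

typedef enum { CBW_OK, CBW_BAD_LENGTH, CBW_BAD_SIGNATURE,
               CBW_BAD_RESERVED, CBW_BAD_LUN, CBW_BAD_CB_LENGTH } cbw_status;

typedef struct {
    uint32_t tag;       /* echoed back to the host in the status wrapper */
    uint32_t data_len;  /* bytes the host expects to transfer */
    uint8_t  dir_in;    /* 1 = device-to-host */
    uint8_t  lun;
    uint8_t  cb_len;    /* 1..16 */
    uint8_t  cb[16];    /* command block, zero-padded */
} cbw_t;

/* Read a little-endian 32-bit field without alignment or aliasing assumptions. */
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Every field is checked before anything is copied; *out is written only on CBW_OK. */
cbw_status cbw_parse(const uint8_t *buf, size_t len, cbw_t *out) {
    if (len != CBW_LEN)                 return CBW_BAD_LENGTH;
    if (le32(buf) != CBW_SIGNATURE)     return CBW_BAD_SIGNATURE;
    /* Reserved bits must be zero: flags 6..0, LUN 7..4, command block length 7..5. */
    if ((buf[12] & 0x7Fu) || (buf[13] & 0xF0u) || (buf[14] & 0xE0u))
        return CBW_BAD_RESERVED;
    if (buf[13] > MAX_LUN)              return CBW_BAD_LUN;
    if (buf[14] < 1u || buf[14] > 16u)  return CBW_BAD_CB_LENGTH;

    memset(out, 0, sizeof *out);
    out->tag      = le32(buf + 4);
    out->data_len = le32(buf + 8);
    out->dir_in   = (uint8_t)(buf[12] >> 7);
    out->lun      = buf[13];
    out->cb_len   = buf[14];
    memcpy(out->cb, buf + 15, out->cb_len);  /* bounded by the 1..16 check above */
    return CBW_OK;
}

/* Constructed sample: an INQUIRY request (6-byte command block, 36 bytes device-to-host). */
static const uint8_t SAMPLE_CBW[CBW_LEN] = {
    0x55, 0x53, 0x42, 0x43,  0x01, 0x00, 0x00, 0x00,  0x24, 0x00, 0x00, 0x00,
    0x80, 0x00, 0x06,  0x12, 0x00, 0x00, 0x00, 0x24, 0x00 /* remaining bytes are zero */ };
```

A rejected wrapper should leave the device in a known state (stall the endpoints until reset) rather than attempting to recover a partial command.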