Product information

Protect and manage your passwords

Seclave Password Manager version 2 out now.

Product image

Seclave Password Manager

Seclave Password Manager makes it a breeze to handle passwords and encryption keys in a secure manner. The product can be used stand alone or together with any of the provided software solutions. Version 2 out now. Package includes:

  • Seclave Password Manager version 2
  • Quick Guide
  • USB cable 50cm
  • USB cable for keychain

€81 / 799 SEK

Features

Import, store, secure, use and back up your passwords in a simple way.

Import

Seclave supports importing passwords from the KeePass password manager, or by using our secimport tool.

Store

Seclave stores your passwords and encryption keys so that you always have them when you need them

Secure

Your passwords are stored encrypted. The encryption key is protected with a passcode. After four erroneous passcode entry attempts seclave will wipe the encryption key and all of the stored passwords.

Use

Instead of entering passwords manually, just connect your seclave to a computer and it will act as a keyboard, entering your passwords when you tell it to.

Backup

Encrypted backups can be made to a computer via the usb port. If a unit is lost, the encrypted backup file can be imported into another unit for instant password recovery.

Generate

Seclave can generate new strong passwords for you, making it easy to have different passwords for all of your accounts.

Technical specification

Weight & dimensions

Weight: 23g Height: 39mm Length 65mm Width: 10mm

Battery

Rechargeable Lithium-Polymer Battery. Hold power for more then 14 hours of continuous use. Charges the battery immediately when the device is connected via USB.

Processor

Atmel AVR Microcontroller

Display

128x32 pixel Transreflective LCD with LED backlight

Number of password entries

500

Crypto algorithms used

NIST approved AES-128, NIST approved CTR_DRBG, CBC-MAC, AES in counter mode and AES in CBC mode

USB keyboard layouts

English (US), Swedish, German, Norwegian, Danish, Swiss (German), Swiss (French), Mac English (US),Mac Swedish, Mac Pro Swedish, Mac German, Mac Norwegian, Mac Danish, Mac Swiss (German), Mac Swiss (French), English (UK), Mac English (UK), French, Mac French

Menu language

English

Case material

ABS plastic

Compliance

CE

Security and technical details

Encryption & decryption

The microcontroller contains two flash memories, one storage flash memory that hold encrypted data and an protected external memory chip to hold it's internal crypto keys. The stored content on Seclave, including passwords, labels, username and optional fields are encrypted with AES-128 using a high entropy random key. The encryption and decryption is carried out internally on the microcontroller of Seclave. This protected memory chip is design to protect unauthorized extraction of it's content, including protection against physical attacks. The user unlock the protected flash memory with a two passcode words, which is validated by the memory If four incorrect attempts are carried out the content will be permanenty erased.

Backup

The backup archives are encrypted with AES-128 in counter mode and authenticated using a CBC-MAC with a 128-bit high entropy random key. This makes the backup archive safe to expose to anybody, as long as the backup key is kept safe. The backups are seeded and fully filled, so it is impossible to determine how many passwords that are contained on a backup. It is also impossible to read out if anything or how much of the backuped data that has been changed between two backups without breaking the encryption.

Entropy

The internal entropy is managed using the NIST approved pseudo random generator CTR_DRBG, which uses AES-128 as the mixing function. The random generator is seeded with entropy from several physical sources, including a highly random seed based on timing events triggered by user interaction, sensors measuring physical properties with natural noise.

Security boundaries

The USB stack is written with security as a top priority as it act as an security boundary between the Seclave domain, which contains all passwords, and the computer it is attached to, which is only authorized to receive a subset of the stored passwords. This is achieved by only implementing a bare minimum of what is needed to drive a HID keyboard and a USB mass storage device and at the same time treating all data that is received from the computer as potentially being invalid and dangerous.