Information is stored in the device’s memory in encrypted form using the AES256 encryption algorithm. This is a symmetric block encryption algorithm that is used by security services to protect state secrets and other important information.
The encryption key is generated from a combination of random numbers, a microcontroller ID, and a PIN code. The ID is known only to the device itself, and the PIN code is not stored explicitly in the device’s memory.
When configuring Crypto Kakadu through the Kakadu Manager program, you can create a backup copy of all logins, passwords and settings. It is encrypted with a master password using the AES256 encryption algorithm.
Is a single PIN enough to protect access to the device?
Yes. To access the information on Crypto Kakadu, the user must manually enter the PIN code. This access ensures that in case of theft, the attacker does not unlock the device, since he does not know the installed code.
The user invents a PIN code at the time of device configuration. After every 5 failed attempts, the device stops responding to any actions for an hour or until the USB is disconnected and completely disconnected. In total, after 15 unsuccessful attempts to enter the PIN code, the device memory is erased.
At each start, the remaining number of attempts is displayed before the device is erased. This will allow you to see if someone tried to pick up a PIN in your absence.
What if I lose my Cockatoo?
Nothing terrible will happen. Outsiders will not gain access to your passwords because they do not know the PIN code. The only thing they can do is write their own data on Crypto Kakadu. The previous passwords will be erased.
If you have lost Crypto Kakadu, you can restore information using a backup copy. It is created using the Cockatoo Manager and stored in encrypted form on a computer, external drive or in the cloud. Neither the master password for the copy, nor the passwords themselves are stored anywhere in the clear. All that remains is to buy a new Crypto Kakadu, write a backup copy on it, and continue to be more careful.
Is it possible to access the data stored in Kakadu using PIN code brute force?
Not. To verify the entered PIN code, the SHA-256 cryptographic hashing algorithm is used. PIN code protection includes 3 cycles of 5 attempts. After every 5 unsuccessful attempts to enter a password, the device stops responding to any actions for an hour or until the device is disconnected from USB. In total, after 15 unsuccessful attempts to enter the PIN code, the device memory is erased.
Each time Crypto Kakadu is launched, the remaining number of attempts is displayed on the screen before erasing the device. This will let you see if someone tried to pick up the PIN code while you were away.
Is it possible to access the data stored in Crypto Kakadu by in-circuit intervention?
Crypto Kakadu uses a read-only microcontroller that prevents attempts to read information, whether it be device firmware or user data. It is possible to remove protection only by completely erasing the memory of the microcontroller. In this case, in addition to user information, the device firmware will also be erased.
Theoretically, there is a way of “physical” layer-by-layer scanning of a microcontroller to access the information stored in it. However, such an operation is expensive and in 80% of cases ends in failure. Therefore, if you do not store access codes to launch rockets on Crypto Kakadu, there is nothing to fear.
Can I hack Crypto Kakadu through an infected computer?
In operating mode, Crypto Kakadu is recognized as a USB keyboard and does not accept any commands from the device to which it is connected. Even if there is a virus on the computer or smartphone, they will not distinguish Crypto Kakadu from a regular keyboard. Therefore, malware will not get to the device’s memory.
The danger is only the moment when the device is configured. In such a situation, it is important to check your PC for viruses and malware. If you are not sure about the security of your home computer, do not sync Crypto Kakadu.
Is it possible to crack Crypto Kakadu when it is configured through the application?
It is impossible to crack the Crypto Kakadu device itself. But attackers can steal application data when configuring a device on an infected computer. This is the only way to steal your information.
Therefore, it is extremely important to install the Kakadu Manager application and configure the device on a trusted PC with activated antivirus. We recommend that you use only your home computer, the safety of which you are sure of, to configure Crypto Kakadu.
Can I hack data backup?
A backup copy of all data and settings is encrypted with a master password using the AES256 encryption algorithm. The master password consists of at least 8 characters, it is invented by the user himself.
The backup is stored on a home computer, other physical media, or in the cloud. Thanks to the copy, you will quickly recover information, even if you lost or damaged your Crypto Kakadu.
A complex master password protects the backup. If attackers gain access to the backup storage location, it will take decades to crack the hacking method. Therefore, try to come up with a strong password, or use the password generator in Cockatoo Manager.
Storing passwords in a file on a computer?
Passwords stored in text files on a computer are vulnerable to most malware. Attackers infect computers using untrusted links and virus programs. So they easily access all the files on your device.
Crypto Kakadu does not connect to the Internet and does not accept any files from the computer. It cannot be infected or hacked.
Local software password managers?
Software password managers are safer than storing information in text files. But they have flaws. Such programs create an encrypted database and store it on a computer. If the computer becomes infected with a virus, scammers will gain access to the entire database.
In the case of Crypto Kakadu, all information is stored on a physical device in encrypted form. Remote access to it is not possible. Even if attackers get a backup, they won’t be able to use it. Information from the copy is encrypted with the reliable AES256 algorithm, which is used by security services in many countries of the world.
Cloud Password Managers?
To work with cloud password managers, you need the Internet. If you are traveling, or working without the Internet, such programs will not work. In addition, attackers can hack into the cloud, and sometimes the service may not work at all for “technical reasons”.
With Crypto Kakadu there will be no interruptions. It does not require an Internet connection, is compatible with any device, and receives power via USB from the device. Even if you lose Crypto Kakadu, you will have a backup that you can easily transfer to your new device.
Storing passwords on a piece of paper?
At first glance, it seems that passwords are safely stored on paper. They can not be reached remotely, hacked or infected with a virus. However, entering long passwords from paper is inconvenient and takes too much time. When entering, it is likely that he will be noticed by a person sitting next to him. In addition, it is difficult to rewrite the long keys of crypto-wallets daily, or switch between social network accounts. Moreover, if the password changes, it will be difficult to fix it on paper. And if you lose it, recovering passwords will be difficult.
There are no such problems with Crypto Kakadu. He automatically enters the necessary passwords, and strangers will not be able to spy on the password because of the shoulder. Even if you lose Crypto Kakadu, the data is easy to restore using a backup, and at the time of transferring the database, you can change passwords to new ones.
Other hardware password managers?
Hardware solutions for secure password storage are present on the commercial market in the form of DIY projects.
One example is encrypted storage. They have a password and store documents. However, such devices are an order of magnitude lower than Crypto Kakadu in terms of security and access. In addition, they do not know how to enter passwords automatically.
Another analogue is a card reader, in which a smart card with passwords recorded on it is placed. But such cards are easy to lose, and the device configuration is not possible on all devices.
The advantages of Crypto Kakadu over alternative password managers are compactness, security and versatility. The device is made in a single housing and does not require any additional parts. Kakadu uses modern algorithms such as AES256 and SHA-256 to encrypt information. Crypto Kakadu is compatible with devices on any operating system, and it does not require the Internet and alternative power sources to work.