Yes. All user data stored inside device in double-encrypted form.
The AES-256 algorithm is used, which gives the strongest security. Moreover, additionally to AES-256 data is also crypted (double-encryption) with one more "secret" algorithm to confuse attackers.
"Secret" means that we don't disclose the name of this algorithm and it's parameters. This double-encryption scheme with one unknown algorithm complicates crypto analysis.
No, it would takes dozen of years of computer resources to decrypt data. As we mentioned before, all user data is double-encrypted. The encryption key - is PIN code that user should enter to start working with QUANTUM. The PIN code size could be as long as 20 characters (A-Z, a-z, 0-9, special characters), this provides billions of combinations.
Yes. Before attacker can start working with decryption he should read out data from device. The device memory is read-protected, so it's even a big deal to get encrypted data from device.
Yes. There is a time delay before you can try to enter PIN again if you enter wrong PIN on start. The first time it's 1 second, then 2 seconds, then 4, etc. It's doubled each time you failed. For example after 10 fails - 17 minutes, after 15 fails - 9 hours, and so on.
It depends on what operations you are going to do. It's safe if you want to send or receive crypto currency. All private keys are always used inside QUANTUM to sign transactions, so they couldn't be stolen.
Safe cryptocurrency operations: - Viewing wallet balance. You don't need private key for this, just wallet address, which is not essential data. - Receiving cryptocurrency. The same reason. - Sending cryptocurrency. Signing is done inside device, private key is not disclosed during process. - Generating random wallet. Private key is generated inside device. - Deleting wallet. No private key is exposed. Unsafe cryptocurrency operations: - Viewing private key. It could be stolen by malware from application window after it been shown. But you have to confirm with OK button on device before it will be shown. - Creating wallet by entering private key. Private key could be stolen by malware while entering. Safe passwords operations: - Generating random password. Password is generated inside device. - Deleting password. No password is exposed. - Adding FIDO U2F to password. U2F key is generated inside device. - Deleting 2FA. Unsafe password operations: - Viewing password. It could be stolen by malware from application window after it been shown. But you have to confirm with OK button on device before it will be shown. - Adding passwords. Password could be stolen by malware while edited. - Adding HOTP/TOTP 2FA. 2FA key could be stollen by malware.
The safest way is to use it without connecting to PC. You can use any power bank or phone charger with micro USB cable to power up the device and make essential operations via device menu. For example you can add wallet by entering private key, or view private key on device LCD. Generating new random wallet is the most secure way. You could be sure that wallet private key never was outside.
Quantum Manager is written on JavaScript and is open source. You can analyze it and see that only few APIs are used to communicate with server: get wallet balance by address, broadcast transaction, get cryptocurrency exchange rate etc.
No. All essential operations should be confirmed by user pressing OK button on device. Before confirming you will see the money destination address on device LCD.
No. We do strongly recommend to backup your data. You may purchase another QUANTUM device and restore all your data from backup copy. The backup copy is one more time double-encrypted with backup PIN code, so in fact it's four times crypted.