Security, compliance, and operational clarity

Frequently Asked Questions

General Overview

Usage and ownership

Do I need a supercomputer to benefit from tiCrypt?

No. tiCrypt runs on standard compute environments. While higher core counts improve throughput, the system is designed to operate efficiently on conventional infrastructure.

Does Tera Insights manage or access our systems?

No. Tera Insights personnel do not have access to customer systems. tiCrypt is deployed and operated entirely under customer control.

Do you sell tiCrypt to customers outside the US & Canada?

No. For export-control and compliance reasons, tiCrypt is sold only to customers in the United States and Canada, and must be installed on servers located within those countries.

Security Architecture

System encryption, access and security

Does tiCrypt operate in a fully isolated, air-gapped environment?

While tiCrypt is not inherently air-gapped, it supports strong logical isolation, end-to-end encryption, and strict access control to protect Controlled Unclassified Information (CUI).

How are tiCrypt VMs different than traditional VMs?

  • Secured at start-up: the VM controller changes all passwords and blocks all ports except port 22.
  • No VM access: direct connections, SSH logins, or other remote servers do not work; access to the VM is via a tiCrypt proxy only
  • Encrypted drives: data is always encrypted and kept away from admins
  • FIPS-180 compliant TLS tunnels: traffic moves through a public-key-based authentication tunnel (more restrictive than SSH)
  • Restricted internet access: protection against accidental or intentional information leaks

What is the difference between default-open and default-shut security models?

A default-open security model allows access unless it is explicitly restricted.

  • Relies on firewalls, perimeter defenses, and access control lists (ACLs)
  • Common in traditional solutions and architectures

A default-shut security model denies access unless it is explicitly allowed.

  • Uses public-key cryptography (PKC) and end-to-end encryption
  • Built into the tiCrypt protection layer

How does a user recover their lost private key in tiCrypt?

Users can recover their lost private keys through a process called escrow (see whitepaper). Escrowing is slow and traditional to prevent social engineering.

If there are no passwords, how do users log into tiCrypt?

Users do provide a password to attach their private key to tiCrypt. However, authentication does not rely on the password itself. Instead, the system validates the user by verifying the hash of the digital signature of their private key, similar to how blockchain systems like Bitcoin confirm ownership.

Support and Lifecycle

Support and updates

Is tiCrypt compatible with Nutanix, or is Nutanix required?

tiCrypt is compatible with Nutanix, but Nutanix is not required. tiCrypt can run on bare metal with Red Hat Enterprise, CentOS, Rocky, or Springdale 7+ installed.

Does tiCrypt support MFA (multi-factor authentication)?

Yes. You can add MFA on top of the current security layout for enhanced security.

What browsers are appropriate to run tiCrypt on?

tiCrypt can run on Opera, Microsoft Edge, Chrome and Firefox; however, you can install the tiCrypt application for an enhanced user experience.