Developed on Hackaday: the Current Project State

It has been quite a while since we updated our readers with the current state of the Mooltipass, the offline password keeper project developed by the Hackaday staff and community.

A few weeks ago we presented you the designs that our mechanical contributors had thought of. We organized a poll to get a feeling of what the favorite designs may be and around one thousand people expressed their opinions. The first three favorite designs with their corresponding votes were:

As we don’t want to put all our eggs in the same basket, most of our mechanical contributors are still continuing to work on the popular designs. Their current task concerns the electronics integration inside the different cases.

In the mean time, several prototypes were hand soldered and shipped to the firmware developers located all over the world.

Three to fourteen days later, they could start working on the firmware tasks they had picked. Luckily enough no platforms were harmed during transport, though my 8 years old AVRISP recently died. Several ground rules were strictly established in order to get a good cooperation going. At the moment, we’re quite happy using google groups and Trello to discuss and keep track of the development process.

Things are therefore smoothly progressing. We hope to launch into production other PCB versions (made for the designs) in +/- one month and later ship the assembled prototypes to selected beta testers. That’s an optimistic guess of course! If you’re interested in more constant updates or want to reach the development team, you may join the Mooltipass Google Group.


  1. Jamie Bliss says:

    How do we get on the beta list?

  2. Brian says:

    I’m glad to see the progress being made. I will definitely be interested in buying one of these when it is finished :)

  3. Master of Entropy says:

    I’ve heard rumors that paper, pencil and steganography were developed some centuries ago and people used to trust it more than the rather volatile EEPROM inside an AVR.

    Furthermore everyone would be better off carrying their public RSA keys with them instead of this toy and using PGP everywhere. Would make NSAs work a lot harder.
    And if once in the future the day comes and I can’t remember my passwords or decipher them on my paper backup, I’d rather reach for my gun instead of that thing, because life with Alzheimer’s disease is miserable.

  4. default_ex says:

    Totally thought that one button thing was a new controller for Fable IV. That’s really all they were missing from Fable III, wedging the rest of the controls (i.e. movement) into one button.

  5. Ren says:

    around one thousand people ,
    yeah, but my comments didn’t amount to much! B^)

  6. Figureitout says:

    Liked that you’re (Mathieu and the google group) is taking into account Java on SIM card vulnerabilities for this. That you’re shipping the product around the world to develop it is very cool too. Good work.

  7. replic8tor says:

    What stops MITM/recording of keys sent from the mooltipass? Is that not a concern with this device?

    • The only way to circumvent this kind of attack would be to perform mooltipass to website encryption, which would require us to make partnerships with them directly.
      The mooltipass goal is to reduce to a strict minimum the number of attack vectors.

      • replic8tor says:

        Ofcourse.. these days I am more and more concerned about the devices handling my input….

        Maybe a service ala OAuth utilizing ZKP. Solid implementations exist, SRP(-6) comes to mind.

        Might be an interesting feature/module.

        • definitely :)

          • replic8tor says:

            I’d be the first to add the skull n’ wrench compatible logo to my website!

            I realize your intent though, by me asking if “that [was] not a concern with this device” I was intending to figure out if this was trying to address that problem or not. Certainly though as you put it, it is out of the scope of a key holding device.

            Thanks for your response, I’ve been following this project as it has all of my interests in a single package. Each step this project has really shown what a great device can come out of a community like this,

          • Thanks a lot!
            We should keep in touch to implement this once we have a basic firmware up and running… are you in the google group?

          • replic8tor says:

            I just joined the group, was only lurking before.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 96,562 other followers