The Last Week Of The Mooltipass Approacheth

A year and two days ago, [Mathieu] started out on a quest to develop some hardware with the help of Hackaday readers. This project became known as the Mooltipass, an open source offline password keeper that’s pretty much a password management suite or Post-It notes on a monitor, except not horribly insecure.

The product has gone through multiple iterations of software, [Mathieu] flew out to China to get production started, and the project finally made it to a crowdfunding site. That crowdfunding campaign is almost over with just eight days left and just a little bit left to tip this project into production. This is the last call, all hands in, and if you’re thinking about getting one of these little secure password-storing boxes, this is the time.

You can check out the Developed on Hackaday series going over the entire development of the Mooltipass, made with input from Mooltipass contributors and Hackaday readers. The Venn diagram of those two groups overlaps a lot, making this the first piece of hardware that was developed for and by Hackaday readers.

Even if you have a fool-proof system of remembering all your passwords and login credentials, the Mooltipass is still a very cool-looking Arduino-compatible board. Note that (security device) and (Arduino thing) are two distinct operating modes that should not be conflated.

[Mathieu] and other contributors will be in the comments below, along with a bunch of ‘security researchers’ saying how this device ‘is horrifying’, ‘full of holes’, and ‘a terrible idea’. One of these sets of people has actually done research. Guess which?

Hackaday Links: November 23, 2014

The 2015 Midwest RepRap Festival, a.k.a. the MRRF (pronounced murf) was just announced a few hours ago. It will be held in beautiful Goshen, Indiana. Yes, that’s in the middle of nowhere and you’ll learn to dodge Amish buggies when driving around Goshen, but surprisingly there were 1000 people when we attended last year. We’ll be there again.

A few activists in St. Petersburg flushed GPS trackers down the toilet. These trackers were equipped with radios that would send out their position, and surprise, surprise, they ended up in the ocean.

[Stacy] has been tinkering around with Unity2D and decided to make a DDR-style game. She needed a DDR mat, and force sensitive resistors are expensive. What did she end up using? Velostat, conductive thread, and alligator clips.

You know the Espruino, the little microcontroller board that’s basically JavaScript on a USB stick? Yeah, that’s cool. Now you can do remote access through a telnet server letting you write and debug code over the net.

The Open Source RC is a beautiful RC transmitter with buttons and switches everywhere, a real display, and force feedback sticks. It was a Hackaday Prize entry, and has had a few crowdfunding campaigns. Now it’s hit Indiegogo again.

Speaking of crowdfunding campaigns, The Mooltipass, the designed-on-Hackaday offline password keeper, only has a little less than two weeks until its crowdfunding campaign ends. [Mathieu] and the rest of the team are about two-thirds there, with a little more than half of the campaign already over.

Developed on Hackaday: $50k Reached in a Week!

Around 500 awesome people backed the Mooltipass offline password keeper crowdfunding campaign, raising a total of $50k in less than a week… which is nearly half our goal.

The development team and I would therefore like to thank our readers for their support. We were featured by several electronics websites, which definitely helped spread the word about open source security devices. Many interesting discussions spawned in either our comments section or official Google Group. One new contributor even started looking into implementing TOTP on the Mooltipass.

Another hot topic was a possible smaller and more powerful Mooltipass v2, implementing other functionalities like U2F and encrypted file storage. You may therefore wonder why we didn’t start with it… the reason is simple: limited resources. Our project is made by (great) non-remunerated contributors who took a lot of their spare time to work on the Mooltipass v1. We therefore preferred working on something we’d be sure we could deliver rather than wasting $4M by making promises. We therefore hope that our crowdfunding campaign might allow an even bigger collaboration around a Mooltipass v2!

Developed on Hackaday: Crowdfunding Campaign Start!

For a little less than a year open source enthusiasts from all over the globe got together to work on an open source offline password keeper. We narrated our progress here on Hackaday and always asked our readers’ opinion when critical decisions were to be made.

Today, the wait is finally over: the Mooltipass crowdfunding campaign finally arrived.

In some of our Developed on Hackaday series posts we noticed that it was tricky for us to convey the benefits of the device we were developing. The first 3 minutes of our video therefore explain good security practices and how the Mooltipass can help users with their credentials security. For our readers that may not have followed our adventure since its beginning, the campaign’s text will provide them with a simple (yet detailed) explanation of what the Mooltipass can do. Finally, our geeky readers will find at the end of our write-up a few links supporting our claims. We would have liked to offer cheaper pledges but we unfortunately need to hire professional JavaScript developers to finish our app & extension.

Our Mooltipass Developed on Hackaday series therefore comes to an end. We would like to thank you for your support and hope that you enjoyed seeing an idea materialize into a crowdfunding-ready product!

Developed on Hackaday: The Answer is Below

In one month the Mooltipass offline password keeper project will be one year old.

We hope that our twice-a-month Developed on Hackaday series posts allowed our dear readers to see the steps involved in a device’s life, going from idea to prototype to crowdfunding-ready product. The Mooltipass is the fruit of a unique world-wide collaboration around open source, developed by and for security-minded people who (for most of them) never saw each other. Relating our progress here enabled us to benefit from our readers’ feedback and make sure that we didn’t miss important wanted features. Contrary to other campaigns that we often debunk on Hackaday, we preferred to wait until we had a beta-tester approved device to move to the crowdfunding stage. Our geekiest readers will therefore find the launch date embedded in this post; others may want to subscribe to our official Google group to stay updated.

Mooltipass Installation Process is Now Dead Simple

In a few weeks the Hackaday community offline password keeper will reach a crowdfunding platform. This is a necessary step as only a high production volume will allow our $80 early bird perk target. We’ll therefore need you to spread the word.

Thanks to the Chromium development team, a few days ago the Mooltipass installation process became as simple as installing our app & extension. As you may remember, our device is enumerated as composite HID proprietary / HID standard keyboard. This makes it completely driverless for all operating systems and enables standalone operation as the Mooltipass can type logins and passwords selected through its user interface. Management communications are therefore done through the Mooltipass HID proprietary interface, which Chrome 38 now natively supports through its chrome.hid API. The simpler our installation process is, the more likely the final users will appreciate the fruit of our hard labor.

As our last post mentioned, there’s still plenty of space for future contributors to implement new functionalities. Our future crowdfunding campaign will allow us to find JavaScript developers for the remaining app & extension tasks and also implement support for other browsers. Want to stay tuned for the Mooltipass launch date? Subscribe to our official Google Group!

 

Developed on Hackaday: Sometimes, All You Need Is a Few Flags

The development of the Hackaday community offline password keeper has been going on for a little less than a year now. Since July our beta testers have been hard at work giving us constant suggestions about features they’d like to see implemented and improvements the development team could make. This led up to more than 1100 GitHub commits and ten thousand lines of code. As you can guess, our little 8-bit microcontroller’s flash memory was starting to get filled pretty quickly.

One of our contributors, [Miguel], recently discovered one compiler flag and one linker flag that saved us around 3KB of Flash storage on our 26KB firmware with little added processing overhead. Hold on to your hats, this write-up is going to get technical…

Many coders from all around the globe work at the same time on the Mooltipass firmware. Depending on the functionality they want to implement, a dedicated folder is assigned for them to work in. Logically, the code they produce is split into many C functions depending on the required task. This adds up to many function calls that the GCC compiler usually makes using the CALL assembler instruction.

This particular 8-bit instruction uses a 22-bit long value containing the absolute address of the function to call. Hence, a total of 4 flash bytes are used per function call (without argument passing). However, the AVR instruction set also contains another way to call functions by using relative addressing. This instruction is RCALL and uses an 11-bit long value containing the offset between the current program counter and the function to call. This reduces a function call to 2 bytes and takes one less clock cycle. The -mrelax flag therefore saved us 1KB by having the linker replace CALL with RCALL instructions whenever possible.
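To make "whenever possible" concrete, here is a small host-side model of that relaxation pass, added as an illustration; it is not Mooltipass or GNU linker code. It assumes RCALL's offset is a signed 12-bit word count (a sign bit plus 11 bits of magnitude, -2048 to +2047 words), and the call sites and addresses are constructed samples.

```c
#include <stdio.h>
#include <stddef.h>

/* One call in the unrelaxed image, where every call is a 4-byte CALL.
 * site/target are byte offsets in flash (constructed sample values). */
struct call_site { long site; long target; int relaxed; };

/* Address of original offset p once every relaxed call located before it
 * has shrunk from 4 bytes (CALL) to 2 bytes (RCALL). */
static long new_addr(const struct call_site *c, size_t n, long p) {
    long a = p;
    for (size_t i = 0; i < n; i++)
        if (c[i].relaxed && c[i].site < p) a -= 2;
    return a;
}

/* RCALL does PC <- PC + k + 1 (in words) with k a signed 12-bit offset. */
static int rcall_reaches(long site, long target) {
    long k = (target - site) / 2 - 1;
    return k >= -2048 && k <= 2047;
}

/* Relax to a fixpoint: each shrunk call pulls later code closer, which can
 * bring further calls into RCALL range. Returns flash bytes saved. */
long relax_calls(struct call_site *c, size_t n) {
    long saved = 0;
    for (int changed = 1; changed; ) {
        changed = 0;
        for (size_t i = 0; i < n; i++) {
            if (c[i].relaxed) continue;
            c[i].relaxed = 1;   /* tentative: a forward target moves too */
            if (rcall_reaches(new_addr(c, n, c[i].site),
                              new_addr(c, n, c[i].target))) {
                saved += 2; changed = 1;
            } else c[i].relaxed = 0;
        }
    }
    return saved;
}

int main(void) {
    struct call_site calls[] = {
        {0x0000, 0x1004, 0},  /* reaches only after the next call shrinks */
        {0x0100, 0x0200, 0},  /* near call: relaxes on the first pass */
        {0x0300, 0x4000, 0},  /* far call: must stay a 4-byte CALL */
    };
    long saved = relax_calls(calls, 3);
    printf("saved %ld bytes, relaxed: %d %d %d\n", saved,
           calls[0].relaxed, calls[1].relaxed, calls[2].relaxed);
    return 0;
}
```

The first call only fits once the second one has shrunk, which is why relaxation has to be repeated until nothing changes rather than done in a single sweep.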

Finally, the -mcall-prologues compiler flag freed 2KB of Flash storage. It creates master prologue/epilogue routines that are called at the start and end of program routines. To put things simply, it prepares the AVR stack and registers in the same manner before any function is executed. This will therefore waste a little execution time while saving a lot of code space.

More space-saving techniques can be found by clicking this link. Want to stay tuned for the Mooltipass launch date? Subscribe to our official Google Group!