The Hackaday community is currently working on an offline password keeper, aka Mooltipass. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating and storing long and complex random passwords for the different websites you use daily. The Mooltipass is a standalone device connected through USB and is compatible with all major operating systems on PCs, Macs and Smartphones. More details on the encryption and technical details can be found on our github repository readme or by having look at all the articles we previously published on Hackaday.
As you can see from our commit activity these last weeks have been extremely busy for us. We finally have a firmware that uses all the different libraries that our contributors made but also a chrome plugin and extension that can communicate with our Mooltipass. We’re very happy to say that our system is completely driverless. A video will be published on Hackaday next week showing our current prototype in action as some of the contributors are already using it to store their credentials.
We selected 20 beta testers that will be in charge of providing us with valuable feedback during the final stages of firmware / plugin development. Selection was made based on how many passwords they currently have, which OS they were using but also if they were willing to contribute to the prototype production cost. We expect them to receive their prototypes in less than 2 months as the production funds were wired today.
We think we’ve come a long way since the project was announced last december on Hackaday, thanks to you dear readers. You provided us with valuable feedback and in some cases important github push requests. You’ve been there to make sure that we were designing something that could please most of the (non) tech-savy people out there and we thank you for it. So stay tuned as in a week we will be publishing a video of our first prototype in action!
Want to chat with us? You can join the official Mooltipass Google Group or follow us on Hackaday Projects.
The last few weeks have been quite tense for the Mooltipass team as we were impatiently waiting for our smart cards, cases and front panels to come back from production. Today we received a package from China, so we knew it was the hour of truth. Follow us after the break if you have a good internet connection and want to see more pictures of the final product…
Continue reading “Developed on Hackaday: We Have Final Prototypes!”
It has been a while since we wrote an article about our ongoing offline password keeper project, aka the Mooltipass. Our last post was asking our dear readers to vote for their favorite card art, so what have we been doing since then?
For the last few weeks we’ve mostly been improving our current PCBs and case design for the production process to go smoothly. The final top PCB shown above has been tweaked to improve his capacitive touch sensing capabilities, you may even see a video of the system in action in the Mooltipass project log on hackaday.io. We’ve also spent some time refining the two most popular card art designs so our manufacturers may print them correctly. We’ll soon integrate our updated USB code (allowing the Mooltipass to be detected as a composite HID keyboard / HID generic) into the main solution which will then allow us to work on the browser plugin.
It’s also interesting to note that we recently decided to stop using the GPL-licensed avrcryptolib. Our current project is CDDL licensed, allowing interested parties to use our code in their own project without forcing them to publish all the remaining code they created. The GPL license enforces the opposite, we therefore picked another AES encryption/decryption implementation. This migration was performed and checked by our dedicated contributor [Miguel] who therefore ran the AES NESSIE / CTR tests and checked their output, in less than a day.
We’re about to ship the first Mooltipass prototypes to our active contributors and advisers. A few weeks later we’ll send an official call for beta testers, just after we shown (here on Hackaday) what the final product looks like. Don’t hesitate to ask any question you may have in the comments section, you can also contact us on the dedicated Mooltipass Google group.
The Hackaday writers and readers are currently working hand-in-hand on an offline password keeper, the Mooltipass. A few days ago we presented Olivier’s design front PCB without even showing the rest of his creation (which was quite rude of us…). We also asked our readers for input on how we should design the front panel. In this new article we will therefore show you how the different pieces fit together in this very first (non-final) prototype… follow us after the break!
Continue reading “Developed on Hackaday: Olivier’s Design Rundown”
The Hackaday community offline password keeper is slowly coming together. A few days ago we received the top PCB for Olivier’s design (shown above). If you look at the picture below, you may see the problem we discovered when opening our package: the soldermask was the wrong color! Given the board is meant to be placed behind a tinted acrylic panel, this was quite a problem…
After using some spray paint, we managed to get to the point shown in the bottom left of the picture. The next task was to find the best way to illuminate the input interface with reverse mount LEDs. Using a CNC mill we machined openings (top right PCB) but also removed some epoxy on both PCB’s sides, thinking it would provide a better light diffusion. We then wrote part of the Mooltipass PWM code and took these pictures:
Continue reading “Developed on Hackaday: The Top PCB dilemna”
We’re sure that many of Hackaday readers already know that one of the two main components of the Mooltipass project is a smart card, containing (among others) the AES-256 encryption key. Two weeks ago we asked if you’d be interested coming up with a design that will be printed on the final card. As usual, many people were eager to contribute and recently sent us a few suggestions. If you missed the call and would like to join in, it’s not too late! You may still send your CMYK vector image at mathieu[at]hackaday[dot]com by sunday. More detailed specifications may be found here.
In a few days we’ll also publish on Hackaday a project update, as we recently received the top and bottom PCBs for Olivier’s design. The low level libraries will soon be finished and hopefully a few days later we’ll be able to ship a few devices to developers and beta testers. We’re also still looking for contributors that may be interested in helping us to develop browser plugins.
The Mooltipass team would also like to thank our dear readers that gave us a skull on Hackaday projects!
Some of our readers noticed that the Hackaday community open-source offline password keeper (aka Mooltipass) has two incompatible characteristics: being secure and Arduino compatible.
Why is that? Arduino compatibility implies including a way to change the device firmware and accessing the microcontroller’s pins to connect shields. Therefore, some ill-intentioned individuals may replace the original firmware with one that would log all user’s inputs and passwords, or in another case simply sniff the uC’s signals. The ‘hackers’ would then later come to extract the recorded data. Consequently, we needed a secure tamper-proof Mooltipass version and an Arduino-compatible one, while allowing the former to become the latter.
Olivier’s design, though completely closed, will have several thinner surfaces directly above the Arduino headers. As a compromise, we therefore thought of sending a bootloader-free assembled version to the people only interested in the password keeper functionality, while sending a non-assembled version (with a pre-burnt bootloader) to the tinkerers. The Arduino enthusiasts would just need to cut the plastic at the strategic places (and perhaps solder headers to save costs). The main advantage of doing so is that the case would be the same for both versions. The drawback is that each board would have a different firmware depending on who it is intended for.
What do our reader think? For more detailed updates on the Mooltipass current status, you can always join the official Google group.