Around 500 awesome people backed the Mooltipass offline password keeper crowdfunding campaign, raising a total of $50k in less than a week… which is nearly half our goal.
The development team and I would therefore like to thank our readers for their support. We were featured by several electronics websites, which definitely helped spreading the world of open source security devices. Many interesting discussions spawned in either our comments section or official Google Group. One new contributor even started looking into implementing TOTP on the Mooltipass.
Another hot topic was a possible smaller and more powerful Mooltipass v2, implementing other functionalities like U2F and encrypted file storage. You may therefore wonder why we didn’t start with it… the reason is simple: limited resources. Our project is made by (great) non-remunerated contributors who took a lot of their spare time to work on the Mooltipass v1. We therefore preferred working on something we’d be sure we could deliver rather than wasting $4M by making promises. We therefore hope that our crowdfunding campaign might allow an even bigger collaboration around a Mooltipass v2!
Congratulations Mathieu! TOTP would certainly tickle my fancy… Could you expand on the graphic sometime? I looked at the KS campaign, and still couldn’t work out what it was trying to convey – is it how the pledge will be spent? If so what are you buying software wise and whilst I’m sure you need a very well earned sit down in a nice wooden chair, I’m guessing that’s not what the icon represents :-)
Thanks!
Well of all Mooltipass pledges the funds will be indeed spent like shown on this graphic.
The “chair” is actually a mooltipass stand! We’ll shortly announce strech goals…
the only thing that is stopping me from getting one is lack of proper pin pad
It has been argued that having a wheel pin entering touch pad is better than a proper pin pad to avoid leaking information by having an attacker see which keys are used the most.
I agree, PIN pad hacking is easy to do with the NOIR camera from sparkfun:
http://www.popsci.com/technology/article/2011-08/heat-hacking-criminals-can-steal-your-atm-pin-code-heat-your-fingers-leave-behind
…. that’s not how no-IR works… completely wrong range of spectrum.
The NoIR camera module has the IR filter removed, so it actually picks up MORE IR.
It still wouldn’t work though, as you’d need much more heat than produced by humans for camera to pick it up.
I think your crowd funding is hitting on competitionhttps://www.kickstarter.com/projects/everykey/everykey-the-wristband-that-replaces-keys-and-pass
Might make your product harder to sell because its not as cool looking as this, to my eyes, useless device
Hmm so the ‘everykey’ is basically 1password but instead of authenticating by typing in your primary password, you use this bluetooth wristband.
Although I’ve pledged for a mooltipass, I still have my doubts if it really offers any additional security over something like the OS X keychain. I know why mathieu says it’s more secure but I dunno if that argument really holds up.
It may not be as cool looking, but I never trust a kickstarter that has not completed manufacturing and beta testing. It shows a lack of real investment capital and faith in your product.
Did you see how they avoided answering Paul Moore’s technical questions?
Not surprising when you look at their staff. You have the high ups who started and then you have all of the minions who have been proposed this grand start up idea. If things get hard after the kickstarter, they will see reality and start jumping. Been there and done that.
The CEO is just trying to make a quick buck. Read between the lines on his Linkden page. https://www.linkedin.com/pub/chris-wentz/27/242/651
that’s a bit worrying…
wait… is it you commenting on the everykey’s campaign?
TBH I often get pissed about how easy it is for someone to scam people by just making a nice video and quickly made proof of concept with a few parts laying around…
It was me who commented, mostly to spur some action. It worked. They replied to Paul Moore’s information. I have done this on more than one occasion. Every time I see a kickstarter campaign that does it right, I repost and share with my friends, like I have done with this project. When I see campaigns that are lacking or scams, I either comment or I report. There is no accountability. I just try to get people to ask questions and to think. Go below the surface and question. If everything is on the up and up, people who start those campaigns will typically rise to the occasion and make things more robust or open.
that’s a healthy attitude! :)
Why is chosen for the, “composite HID keyboard / HID proprietary device” (2 hid devices). And not for HID keyboard + data over usb feature reports, so only one hid device is shown and there is no potentially unknown second hid device for data transfer to the Mooltipass device?
You actually only see one device with 2 interfaces.
The HID data channel is for credential management while the HID keyboard channel is for manual password recall.
I wonder if this might be available in Europe(specifically: NL) at an affordable price, I followed the project since the beginning and have been interested ever since. Glad to see that the project’s quickly reaching its goal!
Free worldwide shipping.. You can pledge for one right now..
Oh? Should’ve read further than the length of my nose then.
Mathieu,
Any chance of adding more ABS single orders to the kick start?
Thanks,
Frank
Hey Frank,
I’m not sure of what you mean… something different than the $100 pledge?
Mathieu
The crowd funding page said that 100 of 100 ABS have been purchased and is sold out. I was hoping to purchase that vice the one with the aluminum case.
unfortunately this was the early bird cheaper pledge
How about an Early Adopters #3 at $100/each? :) I will by the aluminum one if I have to.
the (not capped) 100$ abs perk is at the top of the perks as “featured”
I cannot tell you how many times I missed that!
aha
The biggest issue I have with this device is a usability bit: automated password filling in Firefox (at least) commonly doesn’t work because of the wide variety (putting it nicely!) of website layouts and forms, etc. Why should I expect this device to do any better?
Anyone care to enlighten me?
Our algo relies on the well tested chromeipass… you’d be amazed how well it works.
Cool. Looks like its generally worth my time to look into addons replacing the default password management in firefox.
I hope ‘feature creep’ doesn’t become a security issue…
With all these ‘third-parties’ wanting to tack-on new functionality, it maybe very possible that the Mooltipass would no longer be secure.
This is also one of my concerns. Not just security but also software bloat and hardware limitations/compromises.
Like the whole arduino/shield compatibility thing. Seriously? Stay focussed on what this device is for.
meh if it is open source they can already see the holes. Luckily that camp set upon MS in 2003 and stands around whistling with its hands in its fluffy pockets ;)