Mathieu Stephan : The Making of a Secure Open Source Hardware Password Keeper

Mathieu Stephan is an open source hardware developer, a Tindie seller who always has inventory, a former Hackaday writer, and an awesome all-around guy. One of his biggest projects for the last few years has been the Mooltipass, an offline password keeper built around smart cards and a USB interface. It’s the solution to Post-It notes stuck to your monitor and using the same password for all your accounts around the Internet.

The Mooltipass is an extremely successful product, and last year Mathieu launched the Mooltipass Mini. No, it doesn’t have the sweet illuminated touch-sensitive buttons, but it is a bit cheaper than its big brother and a bit more resistant to physical attacks — something you want in a device that keeps all your passwords secure.

Mathieu didn’t build the Mooltipass alone, though. This is an Open Source project that has developers and testers from around the globe. It may have started off as a Hackaday Post, but now the Mooltipass has grown into a worldwide development team with contributors across the globe. How did Mathieu manage to pull this off? You can check out his talk at the 2017 Hackaday Superconference below.

So, how do you collaborate with dozens of developers spread out across the globe from California to Switzerland to New Zealand? The best solution Mathieu found was to implement features by consensus, obviously to use GitHub for versioning and source control, and actually documenting the code. These are obvious solutions, but best practices aren’t exactly common practices.

Communication was handled in groups, not through direct contact like IM, email, or some sort of messaging service. Just about everything was done through Google Groups and a Trello board, a convenient tool that can put tasks on a calendar. It’s a system that works for the Mooltipass team, and unlike a lot of Open Source projects, it’s easy for newcomers to digest what’s actually going on.

But this is a hardware project and a secure hardware project at that. This means the Mooltipass needs to be tamper-evident and hard to get into. The first Mooltipass had a plastic version, but for the Mooltipass Mini, the team went with all aluminum. This required CNC, and for the Mooltipass Mini that meant Chinese machining shops. Mathieu actually traveled to China to get these Mooltipasses made, and found a few surprising facets of Chinese manufacturing. The cheapest supplier for the milled enclosures was actually the most reliable. You never know what you’re going to get, apparently. Assembly was an issue, and not just because of the language barrier. However, Mathieu found an interesting solution to the problem of assembly: make a video. It’s so simple, so obvious, but oh so clever.

The Mooltipass and the Mooltipass mini are great examples of what can be done with Open Hardware. But what’s next? There’s a next-generation Mooltipass in the works that promises to be even more secure. This next-generation Mooltipass mini will have Bluetooth with a hardware option to disable it, the same Smart Card interface, and a secure microcontroller. It promises to be the best way to save your passwords, and we can’t wait to see what comes out of the lab from the Mooltipass team.

19 thoughts on “Mathieu Stephan : The Making of a Secure Open Source Hardware Password Keeper

  1. Thanks Brian! You can’t see but I’m blushing…
    Anyway, nothing could have been done without the help of all the open source enthusiasts who contributed to this wonderful project!
    We’re indeed ironing out the hardware details for the next generation mini and will soon make a call for contributors, in collaboration with Hackaday! (Mike, I’ll soon reply to your email).
    We just want to make sure that what we want to do is actually feasible (try making 12v from 1v without using massive caps….)

    1. Slides may be found here: https://drive.google.com/open?id=1t7G9zvdcBC5vZUtKzRqpzT6snE5rA1YhhKer02RPXMc

      If anyone is interested in implementing U2F / a new DB model / playing with accelerometers as RNGs (by verifying that https://info.cs.uab.edu/saxena/docs/vsh-wisec11.pdf ) / unicode fonts / unicode HID entering, please send us a quick message to contributors[at]themooltipass[dot]com !

      The road ahead of us is definitely going to be a challenging one.

      1. we’re doing a complete firmware overhaul…. we’re far from the future crowdfunding campaign!
        the mini still is the best choice, especially now that we’re rolling out the new app (coded from the ground up) moolticute, which offers smart synchronization and file storage!

          1. ahaha yes! It’s the one we have right now on the boards… but it can’t bring up the voltage to 12V due to its mode of operation.
            – We couldn’t get a simulation model from TI
            – picking C3 is something along the lines of “just try some values, see if it works”
            – If you do standard step-up theory maths you see that IC can’t work (can’t remember the details)
            – the few other articles we find about people who tried it are not encouraging (https://e2e.ti.com/support/power_management/non-isolated_dcdc/f/196/t/572216)
            – It needs to work with 3v3 and 1v input (when the mini is used with AAA or USB), and because of R3 you’ll get VERY different oscillation frequencies…

            … so we found another one, for which we have a simulation model, which seems to be perfect.

  2. And to top it all, his (and others’) responsiveness on the mailing list is incredible.
    I’ve seen all questions answered – everything from (paraphrasing) “I’ll send you a new one if you DM your address” to “you need to press F11” from Mathieu and others on the list, pretyy much instantaneously.

    Great project. I’ve got two MPM, they’re overkill for my humble needs, but a lovely piece of kit.

  3. The Mooltipass was always a great idea, but has become an awesome product. It’s certainly not perfect, and I’m looking forward to the latest version. I’m seriously hoping you add a battery (Likely if it’s Bluetooth), and make it smaller. Those big smartcards are mostly wasted real estate. Even on the Mini I cut most of my cards nearly in half to minimize what’s sticking out. Imagine if cellphones still used full size SIM cards.

  4. If SIM-sized cards were used, the Mooltipass could be made much smaller. That might be less convenient for those that actually use multiple cards on one unit (Unless if two or more people can share with different PIN codes instead of separate Smartcards), but more convenient for those of use who leave the smartcard in 100% of the time.

    1. Hey Robert!
      I’d actually like to talk about this point, because it indeed drives major design decisions. Could you send me a quick message at mathieu[at]themooltipass[dot][com] with your input?
      Using a small form factor also makes the card cloning process quite cumbersome.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s