Remembering passwords is one of those things which one just cannot seem to escape. At the very least, we all need to remember a single password: namely the one for unlocking a password manager. These password managers come in a wide variety of forms and shapes, from software programs to little devices which one carries with them. The Mooltipass Mini BLE falls into the latter category: it is small enough to comfortably fit in a hand or pocket, yet capable of remembering all of your passwords.
Heading into its crowdfunding campaign, the Mooltipass Mini BLE is an evolution of the Mooltipass Mini device, which acts as a USB keyboard by default, entering log-in credentials for you. With the required browser extension installed, this process can also be automated when browsing to a known website. Any new credentials can also be saved automatically this way.
Where the Mooltipass Mini BLE differs from the original is in that it also adds a Bluetooth (BLE) mode, enabling it to be used easily with any BLE-capable device, including laptops and smartphones, without having to dig around for a USB cable and/or OTG adapter.
I have already been using the original Mooltipass Mini for a while, and the Mooltipass team was kind enough to send me a prototype Mooltipass Mini BLE for evaluation and comparison. Let’s take a look.
Continue reading “Hands-On: Wireless Login With The New Mooltipass Mini BLE Secure Password Keeper”
One of the most interesting aspects of our modern world is the ability to work collaboratively despite the challenges of geography and time zones. Distributed engineering is a trend which we’ve watched pick up steam over the years. One such example is the Mooltipass offline password keeper which was built by a distributed engineering team from all over the world. The project is back, and this time the goal is to add BLE to the mini version of the hardware. The call for collaborators was just posted on the project page so head over and check out how the collaboration works.
The key to the hardware is the use of a smartcard with proven encryption to store your passwords. Mooltipass is a secure interface between this card and a computer via USB. The new version will be a challenge as it introduces BLE for connectivity with smart phones. To help mitigate security risks, a second microcontroller is added to the existing design to act as a gatekeeper between the secure hardware and the BLE connection.
Mathieu Stephan is the driving force behind the Mooltipass project, which was one of the first projects on Hackaday.io and has been wildly successful in crowd funding and on Tindie. Mathieu and five other team members already have a proof of concept for the hardware. However, more collaborators are needed to help see all aspects of the project — hardware, firmware, and software — through to the end. This is a product, and in addition to building something awesome, the goal is to turn a profit.
How do you reconcile work on an Open Source project with a share of the spoils? Their plan is to log hours spent bringing the new Mooltipass to life and share the revenue using a site like colony.io. This is a tool built on the Ethereum blockchain to track contributions to open projects, assigning tokens that equate to value in the project. It’s an interesting approach and we’re excited to see how it takes shape.
You can catch up on the last few years of the Mooltipass adventure my checking out Mathieu’s talk during the 2017 Hackaday Superconference. If this article has you as excited about distributed engineer as we are, you need to check out the crew that’s building this year’s Open Hardware Summit badge!
A year and two days ago, [Mathieu] started out on a quest to develop some hardware with the help of Hackaday readers. This project became known as the Mooltipass, an open source offline password keeper that’s pretty much a password management suite or Post-It notes on a monitor, except not horribly insecure.
The product has gone through multiple iterations of software, [Mathieu] flew out to China to get production started, and the project finally made it to a crowdfunding site. That crowdfunding campaign is almost over with just eight days left and just a little bit left to tip this project into production. This is the last call, all hands in, and if you’re thinking about getting one of these little secure password-storing boxes, this is the time.
You can check out the Developed on Hackaday series going over the entire development of the Mooltipass, made with input from Mooltipass contributors and Hackaday readers. The Venn diagram of those two groups overlaps a lot, making this the first piece of hardware that was developed for and by Hackaday readers.
Even if you have a fool-proof system of remembering all your passwords and login credentials, the Mooltipass is still a very cool-looking Arduino-compatible board. Note that (security device) and (Arduino thing) are two distinct operating modes that should not be conflated.
[Mathieu] and other contributors will be in the comments below, along with a bunch of ‘security researchers’ saying how this device ‘is horrifying’, ‘full of holes’, and ‘a terrible idea’. One of these sets of people have actually done research. Guess which?
In a few weeks the Hackaday community offline password keeper will reach a crowdfunding platform. This is a necessary step as only a high production volume will allow our $80 early bird perk target. We’ll therefore need you to spread the word.
Thanks to the Chromium development team, a few days ago the Mooltipass installation process became as simple as installing our app & extension. As you may remember, our device is enumerated as composite HID proprietary / HID standard keyboard. This makes it completely driverless for all operating systems and enables standalone operation as the Mooltipass can type logins and passwords selected through its user interface. Management communications are therefore done through the Mooltipass HID proprietary interface, which Chrome 38 now natively supports through its chrome.hid API. The simpler our installation process is, the more likely the final users will appreciate the fruit of our hard labor.
Some of our dear readers may already have an infallible system to remember different complex passwords for the different websites they visit daily. This is why they may have not been following the offline password keeper that the Hackaday community is building.
The Mooltipass has a characteristic that may regain their interest: it is possible to connect Arduino shields to it. In the video embedded below you can see the Arduino conversion process our development team imagined a few months back. The operation simply consists in using a knife to remove plastic bits on top of standard Arduino headers. We also embedded a few use cases with their respective sketches that may be downloaded from our official GitHub repository.
As with stacking several shields, a little tweaking may be required to keep the functionalities from both the Mooltipass and the connected shield. We therefore strongly welcome Arduino enthusiasts to let us know what they think of our setup.
In the meantime, you may want to subscribe to our official Google Group to stay informed of the Mooltipass launch date.
Continue reading “Developed On Hackaday: Mooltipass Arduino Shields Compatibility”
Since the Hackaday community started working on our offline password keeper, Mooltipass, we’ve received several similar projects in our tips line. The Final Key may be the most professional looking one yet. Similarly to the Mooltipass, it is based on an Atmel ATMega32U4 but only includes one button and one LED, all enclosed in a 3D printed case.
The Final Key is connected to the host computer via USB and is enumerated as a composite Communication Device / HID Keyboard, requiring windows-based devices to install drivers. AES-256 encrypted passwords are stored on the device and can only be accessed once the button has been pressed and the correct 256 bit password has been presented through the command line interface. Credentials management and access is also done through the latter. Unfortunately, the Arduino source code can’t be found on [cyberstalker]’s website, so if you see interesting features that you would like to be integrated in Mooltipass you may send us a message to our Google Group.
In our Developed on Hackaday series some readers may recall a sentence we wrote: “if one’s idea is not yet in the market, it’s either completely stupid or people are already working on it”. Well, [Josh] casually mentioned that he was also working on an offline password keeper after having recently subscribed to our google group. Similarly to the Hackaday-developed platform, the USBPass is connected to a computer via USB and is detected as an HID keyboard. As you can see in the picture shown above, it uses very few components: an ATMega32U2, a USB connector, three buttons and a few passives chips.
A total of 20 passwords can be stored in the microcontroller’s memory, which can be ‘typed’ by the platform using the push buttons. The USBPass firmware is based around the LUFA USB stack, to which [Josh] added HID report functionality to allow data transfer from his desktop application. The latter uses the Linux/Windows/OS X HID API library so bringing his software to other operating systems can be done in no time. All the project resources can be found on GitHub, while [Josh] is currently working on a B revision which will include an OLED screen.