We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

The Making of a Secure Open Source Password Keeper

Logo von FOSDEM VZWFOSDEM VZW
 Stephan, Mathieu

Formale Metadaten

Titel
The Making of a Secure Open Source Password Keeper
Untertitel
...from the Electronics to the High Level Software
Serientitel
Anzahl der Teile
611
Autor
Lizenz
CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache
Produktionsjahr2017

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
The Mooltipass Offline Password Keeper project was started three years ago bya small community to provide a safe and offline way of storing credentials. Since then, about 50 individuals from around the globe have contributed to theproject, bringing two models of the Mooltipass device to market. Mooltipass devices are currently used by thousands of people, several majorcompanies, and government agencies. This talk will describe the Mooltipasshardware, firmware and software architectures with a focus on what it took tomove from idea to commercial product, while having all the development andproduction files publicly available on GitHub. While writing for Hack-a-Day, in December 2013 project creator Mathieu Stephanhad the crazy idea of creating an open hardware device using a team spread allover the globe. He posted a call for developers on hackaday.com, whichresulted in a team of 20 individuals. Over the course of three years, using avariety of free (Trello, Google groups, IRC) and open source (KiCad, Gimp,GCC) tools the Mooltipass team developed a complete solution composed of: * Firmware for the devices (AES encryption, storage management, graphics, random number generation, smartcard management) * Two models of physical device each composed of a PCB, case, screen, usb and smartcard connectors * Several open source software solutions to provide computer integration with the device, depending on the users' preferences: a cross platform daemon (Windows, Linux, Mac) [moolticute], a python management tool [mooltipy], a chrome and firefox extension, and a chrome app to provide native integration with websites Having a complete, unremunerated teamworking on the Mooltipass project duringtheir spare time created interesting management challenges, particularly withrespect to establishing and enforcing coding rules and commenting practices.The first crowdfunding campaign successfully raised $125k in December 2014,which was more than sufficient to start the ball rolling. The secondcrowdfunding campgin for the Mooltipass Mini raised $168k last October.