We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

The Making of a Secure Open Source Password Keeper

Logo of FOSDEM VZWFOSDEM VZW
 Stephan, Mathieu

Formal Metadata

Title
The Making of a Secure Open Source Password Keeper
Subtitle
...from the Electronics to the High Level Software
Title of Series
Number of Parts
611
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language
Production Year2017

Content Metadata

Subject Area
Genre
Abstract
The Mooltipass Offline Password Keeper project was started three years ago bya small community to provide a safe and offline way of storing credentials. Since then, about 50 individuals from around the globe have contributed to theproject, bringing two models of the Mooltipass device to market. Mooltipass devices are currently used by thousands of people, several majorcompanies, and government agencies. This talk will describe the Mooltipasshardware, firmware and software architectures with a focus on what it took tomove from idea to commercial product, while having all the development andproduction files publicly available on GitHub. While writing for Hack-a-Day, in December 2013 project creator Mathieu Stephanhad the crazy idea of creating an open hardware device using a team spread allover the globe. He posted a call for developers on hackaday.com, whichresulted in a team of 20 individuals. Over the course of three years, using avariety of free (Trello, Google groups, IRC) and open source (KiCad, Gimp,GCC) tools the Mooltipass team developed a complete solution composed of: * Firmware for the devices (AES encryption, storage management, graphics, random number generation, smartcard management) * Two models of physical device each composed of a PCB, case, screen, usb and smartcard connectors * Several open source software solutions to provide computer integration with the device, depending on the users' preferences: a cross platform daemon (Windows, Linux, Mac) [moolticute], a python management tool [mooltipy], a chrome and firefox extension, and a chrome app to provide native integration with websites Having a complete, unremunerated teamworking on the Mooltipass project duringtheir spare time created interesting management challenges, particularly withrespect to establishing and enforcing coding rules and commenting practices.The first crowdfunding campaign successfully raised $125k in December 2014,which was more than sufficient to start the ball rolling. The secondcrowdfunding campgin for the Mooltipass Mini raised $168k last October.