Close
0%
0%

Mooltipass Offline Password Keeper

Offline password keeper project created by and for the Hackaday community

Similar projects worth following
With time, logins and passwords have become critical elements we need to remember to access the different websites and services we use daily. If we want to achieve good security, each of these credential sets should be unique.
We therefore created the Mooltipass, a physical password keeper that remembers and encrypts your credentials so you don't have to. With this device, you can generate and safely store long and complex passwords. A personal PIN locked smartcard allows the decryption of your credentials and ensures that only you have access to them. Simply visit a website and the device will ask for your confirmation to enter your credentials when login is required.
The Mooltipass is a standalone device connected through USB, is completely driver-less and is compatible with all major operating systems on PCs, Macs and Smartphones.

Mooltipass is composed of one main device and a smartcard.

On the device are stored your AES-256 encrypted passwords. The smartcard is a read protected EEPROM that needs a PIN code to unlock its contents (AES-256 key + a few websites credentials). As with your credit card, too many tries will permanently lock the smart card.
The mooltipass main components are: a smart card connector, an Arduino compatible microcontroller, a FLASH memory, an OLED screen and its touchscreen panel. The OLED screen provides good contrast and good visibility.

  • 1 × ST662ACD-TR Content/Electronic Components/Semiconductors and Integrated Circuits/Power Management ICs/Switching Regulators and Controllers
  • 1 × ATMEGA32U4-MU Content/Electronic Components/Semiconductors and Integrated Circuits/Microprocessors, Microcontrollers, DSPs/ARM, RISC-Based Microcontrollers
  • 1 × AT88SC102 Content/Electronic Components/RF, IF, RFID and ZigBee/RF, IF, RFID, ZigBee Semiconductors and ICs/Memory
  • 1 × AT45DB011D-SSH-T Content/Electronic Components/Semiconductors and Integrated Circuits/Memory ICs/FLASH Memory

  • Mooltipass Mini Available on Tindie!

    Mathieu Stephan04/24/2017 at 20:25 3 comments

    After raising than $168k, we finally shipped out all our backers items! It was quite an adventure... but luckily we still had the training from our first Indiegogo campaign.

    We now finally support Firefox and Safari, and are gathering quite a large community. It's great to see how the Mooltipass project evolved!

    We have enabled orders on our tindie shop!

  • Mooltipass Mini Kickstarter : Last Three Days !

    Mathieu Stephan11/04/2016 at 12:29 0 comments

    Last Three Days!


    Dear Mooltipass Enthusiasts,

    As there are only 3 days left before the end of our Kickstarter campaign we would like to thank you for your continued support. Our current funding level (295%) is a testament to that, and this last month has been amazing for us. We are thrilled to see that more than 1450 users chose to support our hard work and believe in the Mooltipass project!
    Many well known companies also contacted us and expressed interest in the Mini! They were particularly motivated by the fact that they could audit and modify the Mini source code to meet their specific requirements. You may also have noticed that we are currently testing Safari and Firefox support. In the following video you can see a demo of the Mini functioning with Chrome, Firefox and Safari side by side.

    If you haven't done so already, keep in mind these are the last few days you'll be able to grab a Mooltipass Mini at a preferential price - after our campaign, the Mini will be priced around $85.
    Have a great week,
    Mathieu and The Development Team

  • The Mooltipass Mini is Live on Kickstarter!

    Mathieu Stephan10/10/2016 at 14:35 1 comment

    We are live !


    Dear Mathieu Stephan,

    The long wait is over: the Mooltipass Mini crowdfunding campaign is live on Kickstarter!
    We are extremely happy to present you with our final device, which has already passed FCC and CE certifications. This effectively means your device can be shipped to your door the moment it leaves the production chain!

    Compared to the Mooltipass standard you know, the mini has the following advantages:

    • Smaller size: 79 x 37 x 12mm
    • Cheaper: $50 early bird price, $85 retail
    • Faster input method: clickable scroll wheel
    • More intuitive: we implemented your suggestions!
    • Scratch resistant: case made of anodized aluminum

    There are only a limited quantity of early bird rewards so make sure to visit our campaign the very moment you receive this email!
    We would also like to take this opportunity to thank our 50 beta testers who relentlessly tested the Mooltipass Mini over the past several months, ensuring our device would suit everyone's needs while remaining intuitive to use.
    And lastly, we'd be eternally grateful if you could spread the Mooltipass word around you so that we can help everyone with our safe and secure password management solution!

  • Mooltipass Mini - Kickstarter Campaign Launching in 2 Weeks!

    Mathieu Stephan09/20/2016 at 19:03 0 comments

    Dear Mooltipass Enthusiasts,

    During these last 6 months the Mooltipass team has been working hard developing the Mooltipass Mini.

    Today we are extremely pleased to announce that in exactly two weeks we will launch a kickstarter campaign for it.

    Compared to the standard Mooltipass, the Mini therefore has the following advantages:

    • smaller size: 79x37x12mm
    • scratch resistant case made of brushed anodized aluminum
    • cheaper price: early bird price of $50
    • faster user input using a clickable wheel
    • several key firmware improvements

    You may be notified of the campaign launch by entering their email on our website (scroll to the end of the page to get the small popup) !

  • First Picture of the Mooltipass Mini Pre-Production Batch!

    Mathieu Stephan06/08/2016 at 06:07 0 comments

    Hello everyone,

    I hope you'll be as happy as we were when we received these pictures.
    Please note the plastic will be semi-tinted to make the mini look black. It'll also be (if all goes well) ultrasonically welded shut. Don't forget to answer our call for reviewers & testers here: https://docs.google.com/forms/d/1MkAny03AB3Qt2d9JocE-chRrzwXpfTQgM3uP0dVMQtw/viewform

    Let us know what you think of the Mini!

    Mathieu


  • Mooltipass Mini Call for Testers and Reviewers

    Mathieu Stephan05/03/2016 at 18:54 0 comments

    Dear Mooltipass enthusiasts,

    We're extremely excited to announce that our current Mooltipass Mini beta testers program is going extremely well, and that a bit more than a week ago we started a Mooltipass Mini pre-production batch!

    If everything goes well, in 2 or 3 weeks 30 units will be shipped to lucky individuals.

    You're therefore more than welcome to take a few minutes of your time to answer this call for reviewers and testers !

    Don't hesitate to share this link with friends and family interested in having a Mooltipass Mini, asking them to put your email as a reference to increase your chances in getting one.

    These devices will (almost) be identical to the ones shipped when (if) our upcoming Kickstarter campaign succeeds!

    Have a great day,

    Mathieu & the development team

  • Prototypes for the Mini Beta Testers

    Mathieu Stephan03/15/2016 at 19:53 10 comments

    Aren't they pretty?

  • Mooltipass Mini Call for Beta Testers

    Mathieu Stephan03/05/2016 at 18:20 0 comments

    Dear Mooltipass Enthusiasts,

    A little more than a month ago we announced that the development team and I were working hard on a small Mooltipass device.

    Today we're extremely happy to send you the very first picture of our current prototype:

    We're also glad to report our target retail price: $50 ! But now we need you.

    As with our first Mooltipass device we are planning to work hand in hand with ~10 beta testers for the next few months to make sure that our device will please everyone. These prototypes will be manufactured, soldered and assembled by us so we created a quick form for you to apply to the beta testers program.

    If you're therefore interested in participating to this great adventure and have a direct impact on the device development process, please fill this form: https://docs.google.com/forms/d/11idL3dzKXHzPuY4K99v4ipEwpYHKDX-q-HvppXwhjEM

    Don't hesitate to spread the word and send this form to your friends and family!


    We'll also organize a (very small) first production run in (hopefully) less than two months, to prepare for our future crowdfunding campaign. As you can guess, we're looking forward to being able to send this new Mooltipass to you!

    Have a nice weekend,

    Mathieu & the Mooltipass Development Team

    PS: As always, if you want to talk to the team and community, we're on #mooltipass on freenode.

  • Mooltipass Mini in the Works!

    Mathieu Stephan01/31/2016 at 17:38 0 comments

    Hello everyone,

    The Mooltipass team and I would like to wish you all a (late) happy New Year and hope that you are doing well.

    Following the success of the Mooltipass device, we are extremely happy to report that a Mooltipass Mini is currently being designed.

    Like its name suggests, this Mooltipass will basically be a smaller version of our current Mooltipass with noticeable differences:

    - a small joystick based input interface instead of our current tactile one.

    - a 2" 128x32 pixels OLED screen instead of our current 3.12" 256x64 pixels one

    - (hopefully) a wheel encoder on the device's side to quickly browse through the credentials

    The Mooltipass Mini will be less than half the size of our current Mooltipass for less than half its price.

    In a month or two, we'll therefore be looking for beta testers. Feel free to invite your friends and family to our google group to stay informed.

    In the meantime, please feel free to use this thread to give us suggestions on what you'd like to see in this small Mooltipass.

    Cheers and have a nice weekend!

    Mathieu

  • The Mooltipass can be ordered!

    Mathieu Stephan07/30/2015 at 11:40 0 comments

    All Mooltipass units have finally been produced and are ready to be sold!

    Get yours here or there with bitcoins!

View all 25 project logs

Enjoy this project?

Share

Discussions

Xylitol wrote 05/21/2017 at 15:29 point

It was a pain to import my 300+ passwords from my keepass database to the mooltiapp, finally i used 'Actiona' to automate the insertion thing.
I use the mini since 3 weeks now, a bit hard to leave my old habits of keepass, but very nice.

  Are you sure? yes | no

Mathieu Stephan wrote 05/21/2017 at 16:19 point

Hello there... did you have a look at our csv import feature? 

  Are you sure? yes | no

Xylitol wrote 05/21/2017 at 19:00 point

yes i've tried but as i remember the keepass format wasn't good or something was wrong when i was exporting/importing
it was importing it half or something like that due to line break issues, unicode or something.. i don't really remember now.

  Are you sure? yes | no

Bas Groothedde wrote 03/06/2017 at 14:07 point

This looks like a very handy device. Will it be available again soon? I'm going to build something similar to this with a Raspberry Pi Zero (for personal use), however having a pre-built one is quite interesting as well. 

  Are you sure? yes | no

Mathieu Stephan wrote 10/20/2016 at 05:38 point

Jim, the display will keep at least 50% of its brightness after 10k hours of use. 

  Are you sure? yes | no

jim.deane wrote 10/19/2016 at 16:57 point

Anyone have comments on the long-term quality of the display? Does it get the OLED fade / black dot disease?

  Are you sure? yes | no

Mark Jeronimus wrote 07/27/2016 at 09:05 point

The fact that the secure chip card is an Atmel worries me a lot. Working at a security evaluation lab, I can tell you secure Atmel devices are known to be as leaky as a sieve. I can't give you any details as it's confidential, but let's just say that we use Atmel chips as a standard 'victim' to periodically test and validate our pen-testing equipment

  Are you sure? yes | no

limpkin wrote 07/27/2016 at 09:07 point

Hello Mark,

Do you have any literature or credentials to back your claims? 

  Are you sure? yes | no

Dov Alperin wrote 12/22/2015 at 20:02 point

Is there any authorization so that if someone took the device they would not be able to access  the devices.

  Are you sure? yes | no

Brian wrote 06/04/2015 at 15:42 point

Cool project with an awesome name.  Korben Dallas would be impressed.     

  Are you sure? yes | no

Doomsdaydoctrine wrote 03/29/2015 at 19:34 point

Great project you guys have going here, I have to say that i'm extremely interested in something like this, but lets say you are a user with many multiple email accounts from the same host(gmail) , then how would this device go about deciding which one you log into?

  Are you sure? yes | no

Mathieu Stephan wrote 03/29/2015 at 19:40 point

We support this case... check out our gifs at themooltipass.com 

  Are you sure? yes | no

morgan-tom wrote 12/14/2014 at 10:33 point
Mooltipass Indiegogo hit the initial goal!!!! I can't help but think that a Kickstarter campaign may have made more, but we got there anyway. Grats!!!

  Are you sure? yes | no

hassanahmed wrote 10/18/2014 at 21:50 point
Hey ,
I need help
May any programmer help me ?

  Are you sure? yes | no

iWhacko wrote 10/08/2014 at 11:21 point
Hi, I'm interested in smart card programming aswell. I'd love to directly work on the chips inside it instead of using javacards etc. Do you have any information on this subject. ie, how do you test your cards? is the firmware sent to a factory and they produce the cards? or can you upload new firmware to blank cards?

  Are you sure? yes | no

Mathieu Stephan wrote 10/13/2014 at 19:04 point
The card we use is a standard one: the AT88SC102. When we receive them we just set it up in a particular way and burn some fuses.

  Are you sure? yes | no

Victor Suarez Rovere wrote 08/25/2014 at 18:28 point
Have you seen this similar entry, PassKey? It offers an unprecedented level of security.
http://hackaday.io/project/2620

  Are you sure? yes | no

Mathieu Stephan wrote 08/25/2014 at 18:34 point
Hey Victor,
I can see that you're _extremely_ biased on the subject ;). This is a very ambitious project that you're considering... how many people are working on it?

  Are you sure? yes | no

Mathieu Stephan wrote 08/25/2014 at 18:35 point
Just to be sure I completely understand your project: are you implementing a commercial man in the middle device?

  Are you sure? yes | no

John Reiter wrote 08/21/2014 at 10:39 point
What if the smart card also had RFID for door access? You could use it as an employee ID as well.

  Are you sure? yes | no

Mathieu Stephan wrote 08/21/2014 at 10:41 point
that would be neat indeed... however different companies have different type of NFC cards so it'd be hard to be flexible enough

  Are you sure? yes | no

Mark Jeronimus wrote 08/19/2014 at 17:20 point
Not to burst your bubble but let me tell you why no one has ever made something similar. I work at a large hardware security evaluation lab, and I can tell you that without rigorous security evaluation and feedback, devices like this are almost sure to contain side-channel leaks and exploits. Even if every part is tested and certified, the final product may not be secure. We had companies having to re-evaluating things only because they swapped an innocent chip with a different footprint, for which the main PCB was re-routed. Evaluation of a simple PIN entry device can cost between $100,000 - $500,000. Especially with the publicity you're getting here and in China, there'll be attackers for sure. Probably safe for most people, but not for a commercial product.

  Are you sure? yes | no

Mark Jeronimus wrote 08/19/2014 at 17:24 point
I'll give you a free tip. Use temper-switches to detect entry and modification of the device. Usually they are placed around buttons so they can't be tapped electrically. Also don't leave space that attackers can inserts evesdrop/logging devices into.

  Are you sure? yes | no

Mathieu Stephan wrote 08/19/2014 at 17:25 point
Hey Mark,

Considering the tone of your comment: is it a reason not to try then?
This is why we are going the open hardware way. Perhaps concerned individuals like yourself will consider putting some of their time to either look at our code or go for a black box type of attack. We already have several pen-testers checking our security implementation, and we would love you to be one of them :)

Cheers

  Are you sure? yes | no

Mathieu Stephan wrote 08/19/2014 at 17:27 point
Thanks for the tip Mark, we actually already had this one on day 2 after we launched this project ;)

  Are you sure? yes | no

markbng wrote 06/06/2014 at 09:13 point
Very nice project. Very professional project.
Please note that the AT88SC102 is NOT secure (www.break-ic.com). You can use the ATECC108 instead. An ARM cortex M3/M4 controller is preferred for main controller (good performance/cost ratio).
Do you also make a 'lastpass' browser add-on?

  Are you sure? yes | no

Mathieu Stephan wrote 06/06/2014 at 09:16 point
Thanks!
It depends what you mean by secure. Security has a cost so the appropriate question would be: how long does it take / how expensive is it to break the AT88SC102 security?

  Are you sure? yes | no

markbng wrote 06/06/2014 at 09:45 point
I know. Security is difficult. You have to choose a good security for a reasonable price. I don't know the exact price (I use the break-ic list only to see which components can be hacked), but I think the price is from 800USD up to a few thousand dollar.

  Are you sure? yes | no

elliot.buller wrote 06/05/2014 at 23:34 point
Not sure if there's any interest but I have 50 AT88SC0404C atmel crypto cards from a previous project. They are unused and in the protective sleeve. All white, looks like they could be printed on. Feel free to email if anyone has interest. elliot.buller(AT)gmail.com

  Are you sure? yes | no

Mathieu Stephan wrote 06/06/2014 at 06:39 point
Thanks for the offer Elliot!
However we're only supporting the AT88SC102 atm.

  Are you sure? yes | no

elliot.buller wrote 06/06/2014 at 07:06 point
I understand. Hard to develop for a moving target. I have pcsc scripts with apdu packet examples to access data, setup crypto, etc. More storage space too. I'll try and buy one to do the port myself once they are commercial. Been meaning to repurpose the smartcards and this sounds like a good opportunity. (Also will work for many automated laundry systems ;) Sorry, off topic.

  Are you sure? yes | no

mexoplex wrote 05/28/2014 at 12:02 point
you dont think the lawyers of the producers of the movie, " The Fifth Element" will be contacting you shortly?

  Are you sure? yes | no

Mathieu Stephan wrote 06/06/2014 at 06:38 point
so far so good!
I don't think so though, given there already exist multipass brands / companies around the world

  Are you sure? yes | no

pierrep wrote 03/29/2014 at 09:15 point
Maybe the concern with the use of an USB key is the accessibility of the datas, that are usually readable in all circumstances even using an encryption it might just ask a password to decrypt/use the USB key, as with a microcontroller datas may be harder to retreive thus more secure. That's mt little point of view on the use of USB. I must finally say the design of the 3D rendering is nice !

  Are you sure? yes | no

John Boyd wrote 03/28/2014 at 04:48 point
My only concern is the trade-off between security and convenience. This project gives much better security, but in order to access any web accounts we may have, we need to have the mooltipass with us. Are there plans to make a later revision that will just be a keychain-able USB drive? that way we dont need to add a whole new device to our daily tools (phone, wallet, keys, etc)?

That being said, I DO love this project and the direction yall have chosen, and you can expect me to be the first buyer or kickstarter funder!

  Are you sure? yes | no

Mathieu Stephan wrote 03/28/2014 at 06:59 point
Hey phreaknik,

Thanks a lot for the support! As for your questions, a smaller version might be designed in the future but it's not planned yet. Are you sure that in your case you'd need to carry the mooltipass all the time? For example I mostly do my browsing at home or at work, so in my case I'd use 2 mooltipass and one smartcard...

  Are you sure? yes | no

John Boyd wrote 03/28/2014 at 19:53 point
Mathieu,

Well as a student, I find myself sitting in front of a different computer every few hours every day, where i log into many accounts i would like to keep secure. I can easily sit down in front of 20 different computers a week, and sometimes never come back to the same computer twice. Even if I could afford twenty multipasses and came back to the same twenty computers every week, i certainly couldnt trust leaving them there at all these public computers.

This is why i feel a more portable option may be necessary for people like me to fully adopt the multipass as a security solution.

Just my two cents, and as I said before, I do really like the project. Definitely good work done!

  Are you sure? yes | no

Jake wrote 05/09/2014 at 11:18 point
Maybe, if this project really kicks off, you could see it as a standard device on computers?

  Are you sure? yes | no

Mathieu Stephan wrote 05/09/2014 at 13:54 point
Jake,

Hopefully! We need great supports and contributors to make this project a reality :)

  Are you sure? yes | no

Mathieu Stephan wrote 03/26/2014 at 12:33 point
The Mooltipass will be credit-card sized with a 12mm width. At the moment, we're not sure yet what the final price will be.

  Are you sure? yes | no

Similar Projects

Does this project spark your interest?

Become a member to follow this project and never miss any updates