Skip to content

JamesGlanville/mooltipass

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits

datasheets

datasheets

 
 

design_pictures

design_pictures

 
 

kicad

kicad

 
 

papers

papers

 
 

ressources

ressources

 
 

source_code

source_code

 
 

.gitignore

.gitignore

 
 

BoM_Mooltipass_v2.xlsm

BoM_Mooltipass_v2.xlsm

 
 

README.md

README.md

 
 

cern_ohl_v_1_2.pdf

cern_ohl_v_1_2.pdf

 
 

schematics.pdf

schematics.pdf

 
 

Repository files navigation

Mooltipass project github

This is the github repository dedicated to the mooltipass project. It contains all resources that were used and generated for this community driven product.

What is the mooltipass project?

The mooltipass is an offline password keeper.

The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating and storing long and complex random passwords for the different websites you use daily. It is designed to be as small as possible so it can fit in your pocket. Simply visit a website and the device will ask for confirmation to enter your credentials when you need to login.

The Platform

Mooltipass is composed of one main device and a smartcard.
On the device are stored your AES-256 encrypted passwords. The smartcard is a read protected EEPROM that needs a PIN code to unlock its contents (AES-256 key + a few websites credentials). As with your credit card, too many tries will permanently lock the smart card.
The mooltipass main components are: a smart card connector, an Arduino compatible microcontroller, a FLASH memory, an OLED screen and its touchscreen panel. The OLED screen provides good contrast and good visibility.

The firmware

We want the device to be as simple as possible to use. Ideally, the end user shouldn't have to spend more than a few seconds to use its basic functionalities.
A browser extension will run on the user's computer, that will send (via HID) the current website to the mooltipass. When the user has to login, the mooltipass will light up and will ask for confirmation to enter the credentials.

Data safety

As we're dealing with peoples' credentials, we want to be as careful as possible.
The smart card containing the AES key used for encrypting the password can be cloned using the mooltipass, copying its PIN code as well. The card copy should be stored somewhere safe. As some space is left in the smart card, the user should also be able to store his main email credentials.
The encrypted credentials stored in the mooltipass internal flash can be exported.
A very convenient functionally suggested by one of Hackaday's readers is also implemented: the ability to generate hashed answers for websites' security questions in case credentials are lost. Only the smartcard is required to use this feature.

Features suggested by Hackaday readers

  • Have multiple smart cards for multiple users on one mooltipass
  • Generate a QR code instead of sending the password via HID
  • Have a hole on the device's side to pour resin
  • Leave an empty footprint for a BT transceiver
  • buy a PID from MCS electronics
  • implement OTP

About

Github repository dedicated to the mooltipass project

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 57.2%
  • TeX 24.5%
  • JavaScript 8.7%
  • CSS 6.4%
  • C++ 2.7%
  • IDL 0.4%
  • Shell 0.1%