The Making of a Secure Open Source Password Keeper – Mathieu Stephan

Mathieu is founder of Mooltipass, an open source hardware store for passwords that acts as a keyboard. It was kickstarted with $290K.

Mooltipass is a microcontroller, display and USB interface, the keys are stored on a smart card so the same Mooltipass can be used by several users.

The device was developed by 30 contributors spread over the global, including SA and NZ. The contributors were pre-selected based on a call on It took a month to lay down the ground rules. Communication mainly through mailing lists (google groups), sometimes IRC. Since nobody was paid, it was needed to keep momentum going. This was done by showing off the contributor’s progress and how it fits in overall progress. Also progress was reported on Hackaday, also the brand name was elected there.

For management, the Trello kanban board was used (before it was bought by Atalassian). There were clear responsibilities to keep the pressure on.

The design of the cases was also selected based on feedback loop on

Mass production is done in China, Mathieu went there to choose the manufacturer. The CNC was selected as the cheapest on Alibaba – if prototypes turned out to be bad they could still change. But he produced good quality so they kept him. To instruct the assembly line, they made a video of the process. During the prototype runs, there was every time quality control which was used to make a QC document in a tight feedback loop with the assembler. Several prototype runs are needed to smooth out the problems. The process was streamlined by Mathieu’s wife, who is Chinese.

For crypto, AVR-Cryptolib is used. It was double-checked with the NESSIE vector set. All the rest of the firmware code was created by Mooltipass. Everything that is stored in flash is encrypted, the keys are stored on a smartcard. The smartcard was not easy to find, even though the required feature set was really minimal. It locks permanently after 4 incorrect PINs, PIN is 16 bits. The RNG is based on the jitter between the watchdog timer and the oscillator, which gives 64 bits per second.

A smartcard can be cloned, to give you a backup in case you loose it. Also the encrypted database can be backed up so if you loose the device, just buy a new one.

The USB is a HID keyboard + HID proprietary, which can be used by browser plugins. Keyboard needs a keyboard mapping, so LUTs have to be generated for all possible locales so that the Mooltipass generates the correct keycode for the character in the password.

The firmware can be updated from the bootloader. Updates are signed. The hash is shown on the screen so the user can validate that the device is not compromised. Every device has some unique keys on it. To avoid trusting the assembler, the entire programming is done by Mooltipass people.

For Chrome support, an app can be used that can directly use the HID proprietary USB device. But Chrome Apps is going to be dropped in 2018. The MooltiPy python script can be used to interface with the device from other applications. In the future, a Moolticute daemon will be developed that can be accessed by browsers and other tools, e.g. SSH agent.

To make a Bluetooth device, the biggest problem is the battery, which requires more certification (Li-ion). Also the security implications are tricky, you’d need an additional security layer in the BT communication.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s