Thursday, November 30

Mathieu Stephan : The Making of a Secure Open Source Hardware Password Keeper

Mathieu Stephan is an open source hardware developer, a Tindie seller who always has inventory, a former Hackaday writer, and an awesome all-around guy. One of his biggest projects of the last few years has been the Mooltipass, an offline password keeper built around smart cards and a USB interface. It’s the answer to Post-It notes stuck to your monitor and to reusing the same password for every account you have on the Internet.

The Mooltipass is an extremely successful product, and last year Mathieu launched the Mooltipass Mini. No, it doesn’t have the sweet illuminated touch-sensitive buttons, but it is a bit cheaper than its big brother and a bit more resistant to physical attacks, which is exactly what you want in a device that holds all your passwords.

Mathieu didn’t build the Mooltipass alone, though. This is an Open Source project with developers and testers from around the globe. It may have started off as a Hackaday post, but the Mooltipass has since grown into a worldwide development team. How did Mathieu manage to pull this off? You can check out his talk at the 2017 Hackaday Superconference below.

So, how do you collaborate with dozens of developers spread out across the globe, from California to Switzerland to New Zealand? The best solution Mathieu found was to implement features by consensus, to use GitHub for version control (obviously), and to actually document the code. These are obvious solutions, but best practices aren’t exactly common practices.

Communication was handled in groups, not through direct contact like IM, email, or some other one-to-one messaging service. Just about everything went through Google Groups and a Trello board, a convenient tool that can put tasks on a calendar. It’s a system that works for the Mooltipass team, and unlike a lot of Open Source projects, it makes it easy for newcomers to digest what’s actually going on.

But this is a hardware project, and a secure hardware project at that. This means the Mooltipass needs to be tamper-evident and hard to get into. The first Mooltipass came in a plastic enclosure, but for the Mooltipass Mini the team went with all aluminum. That required CNC machining, and for the Mooltipass Mini that meant Chinese machining shops. Mathieu actually traveled to China to get these Mooltipasses made and found a few surprising facets of Chinese manufacturing. The cheapest supplier for the milled enclosures was actually the most reliable; apparently you never know what you’re going to get. Assembly was an issue too, and not just because of the language barrier. Mathieu found a simple solution to the assembly problem: make a video showing how it’s done. It’s so simple, so obvious, but oh so clever.

The Mooltipass and the Mooltipass Mini are great examples of what can be done with Open Hardware. But what’s next? There’s a next-generation Mooltipass in the works that promises to be even more secure. This next-generation Mooltipass Mini will have Bluetooth with a hardware option to disable it, the same smart card interface, and a secure microcontroller. It promises to be the best way to keep your passwords, and we can’t wait to see what comes out of the lab from the Mooltipass team.


Filed under: cons, Hackaday Columns, Security Hacks
