Author Topic: Opinion on the Mooltipass?  (Read 6391 times)

0 Members and 1 Guest are viewing this topic.

Offline con-f-use

  • Supporter
  • ****
  • Posts: 802
  • Country: at
Opinion on the Mooltipass?
« on: January 12, 2014, 09:29:19 pm »
Since it is sort of a "big thing" on Hackaday:

The Mooltipass on git...
...and on Hackaday

I'm pretty much indifferent. I don't get it. Care to get me excited?

btw. Moo is in.
« Last Edit: January 12, 2014, 09:32:31 pm by con-f-use »
 

Offline Maxlor

  • Frequent Contributor
  • **
  • Posts: 564
  • Country: ch
Re: Opinion on the Mooltipass?
« Reply #1 on: January 13, 2014, 12:12:35 am »
Hm there's not too much information available. It all depends on the smart card implementation though, but I can't see details about that. With a secure smart card, this might actually work, if they don't fall through one of the many crypto traps.

Personally, I use LastPass with Yubikey-authentification. While I'm not happy with storing my passwords on a 3rd party server (LastPass claims they're stored in encrypted form, but I really have no way to check that,) I decided that the advantage of having secure and unique passwords for every service I use is bigger than the disadvantage of storing the passwords with them. The Yubikey acts as a security token for two factor authentication on computers I don't totally trust, like my work computer. The whole thing works pretty well for me. If I could actually run the server side on one of my own systems, it'd be perfect. Oh well.
 

Offline gxti

  • Frequent Contributor
  • **
  • Posts: 507
  • Country: us
Re: Opinion on the Mooltipass?
« Reply #2 on: January 13, 2014, 05:27:44 am »
It's a great idea, but I'm biased because I thought of it too. The downside is that it's an extra device to carry around and unlike the YubiKey it's a little too big to just clip onto your keychain. Most people are never going to care enough to pay that inconvenience, but I would.

The crypto needs to be audited. I don't see any source code yet but from the README it sounds like they might not have put much thought into the cipher block mode. I'm more than happy to contribute in this area.

I'm not thrilled with the choice of AVR, I would rather have seen something more powerful like a STM32. I really really hate fussing with 8 bit micros so I probably won't be contributing much, if any, code.
 

Offline nowlan

  • Frequent Contributor
  • **
  • Posts: 642
  • Country: au
Re: Opinion on the Mooltipass?
« Reply #3 on: January 13, 2014, 05:53:37 am »
Would be nice if my phone's NFC could act as token.
 

Online nctnico

  • Super Contributor
  • ***
  • Posts: 18930
  • Country: nl
    • NCT Developments
Re: Opinion on the Mooltipass?
« Reply #4 on: January 30, 2014, 11:19:20 am »
Something like this?

Extra bonus point for the one who knows which movie this screenshot is from...  8)
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline FrankBuss

  • Supporter
  • ****
  • Posts: 2313
  • Country: de
    • Frank Buss
Re: Opinion on the Mooltipass?
« Reply #5 on: January 30, 2014, 11:34:50 am »
Extra bonus point for the one who knows which movie this screenshot is from...  8)
Who doesn't know The Fifth Element?
So Long, and Thanks for All the Fish
Electronics, hiking, retro-computing, electronic music etc.: https://www.youtube.com/c/FrankBussProgrammer
 

Offline con-f-use

  • Supporter
  • ****
  • Posts: 802
  • Country: at
Re: Opinion on the Mooltipass?
« Reply #6 on: January 30, 2014, 12:20:59 pm »
Who doesn't know The Fifth Element?

I wish I didn't! ;)
 

Offline DomesticHacks

  • Regular Contributor
  • *
  • Posts: 53
  • Country: de
    • DomesticHacks
Re: Opinion on the Mooltipass?
« Reply #7 on: February 06, 2014, 12:09:54 pm »
Storing the final password on a device isn't that usefull.
Even when the encryption is strong enough the password still can be stolen for example by maleware, hacked websites (Adobe), keyloggers......
When you are already carry a device with you I think it should at least do some kind of Two-factor authentication.

At the moment I work on a open source Two-factor authentication device and already have a working prototype but it still needs some work.
I will publish it on my YouTube channel when I have someting to show. Especially the software for implementing this in a webapplication needs some tweaks.
Interesting projects, tipps and tricks (in German).
DomesticHacks on YouTube: https://www.youtube.com/DomesticHacks
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 4625
  • Country: nl
Re: Opinion on the Mooltipass?
« Reply #8 on: February 06, 2014, 09:32:40 pm »
Ideally my credentials shouldn't ever be on my PC at all, I just want to be able to authenticate directly to a website through something like Yubikey ... the ideal form factor for such a device would be a microsd card with a swipe sensor along it's external edge.
 

Offline free_electron

  • Super Contributor
  • ***
  • Posts: 7337
  • Country: us
    • SiliconValleyGarage
Re: Opinion on the Mooltipass?
« Reply #9 on: February 06, 2014, 09:55:47 pm »
Extra bonus point for the one who knows which movie this screenshot is from...  8)
Who doesn't know The Fifth Element?
what's this 'movie' thing i keep hearing about ? some new lab tool ?
Professional Electron Wrangler.
Any comments, or points of view expressed, are my own and not endorsed , induced or compensated by my employer(s).
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 4625
  • Country: nl
Re: Opinion on the Mooltipass?
« Reply #10 on: February 06, 2014, 10:19:19 pm »
Can someone explain to me why TOTP exists? It seems to offer no real advantages over a challenge/response protocol with PKI.

Is it just intentional subversive distraction to keep the correct approach from going mainstream?
 

Offline DomesticHacks

  • Regular Contributor
  • *
  • Posts: 53
  • Country: de
    • DomesticHacks
Re: Opinion on the Mooltipass?
« Reply #11 on: February 08, 2014, 06:53:13 pm »
The advantage is that the device doesn't need a connection to the pc, smartphone, freezer, toaser....
Especially for smartphones it's interesting.
Interesting projects, tipps and tricks (in German).
DomesticHacks on YouTube: https://www.youtube.com/DomesticHacks
 

Offline Marco

  • Super Contributor
  • ***
  • Posts: 4625
  • Country: nl
Re: Opinion on the Mooltipass?
« Reply #12 on: February 08, 2014, 07:30:05 pm »
Hmm, yeah I didn't think that through.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf