Interview with Mathieu Stephan
The Making of a Secure Open Source Password Keeper. From the Electronics to the High Level Software...
Mathieu Stephan will give a talk about The Making of a Secure Open Source Password Keeper. From the Electronics to the High Level Software... at FOSDEM 2017.
Q: Could you briefly introduce yourself?
I’m an electronics engineer who’s actively involved in the open source movement. I specialize in designing products from scratch and alternate between full-time positions and contracting jobs in very different sectors – from quantum physics to formula E cars. I’ve been a writer for Hackaday, have a personal blog – full of projects and a small shop.
Q: What will your talk be about, exactly? Why this topic?
My talk is mainly about bringing an open source product to life and disseminating it to thousands of users and companies, while working with volunteer enthusiasts I’ve never seen. My talk will explain both the human aspect of the project (how we organized this collaboration) and the technical solution we have built over the last three years. This particular topic was chosen to show that it is possible to develop a professional-grade security device from scratch using purely open source techniques, and to detail what it takes to make that happen.
Q: What do you hope to accomplish by giving this talk? What do you expect?
Ideally I’d like to encourage others to tackle open source projects they have in mind, but that they worry are too complex to accomplish. I expect our ideas to be challenged by the audience and – hopefully – to find open source enthusiasts to join us.
Q: What’s the history of the Mooltipass project? Why did you start it and how did it evolve? Has it become what you planned it to be?
The Mooltipass project idea came to be when I was a writer for Hackaday. I knew that such a device would be very useful for tech-savy individuals and wanted to see if a worldwide collaboration around an open source device was possible. The project became much more than I expected it to be, as we successfully ran two crowdfunding campaigns (on Indiegogo and Kickstarter) for two different devices that are currently used by major companies and national agencies.
Q: Mooltipass is quite an ambitious open hardware project. What were the biggest issues that you encountered managing the Mooltipass project?
Interestingly, the biggest challenge was setting up and enforcing the ground rules and tools that allowed the team to work together. It took more than a month to reach agreement but everything went smoothly from there. Occasionally members dropped out, but that’s to be expected, as life sometimes gets in the way of spare time.
Q: What does the project’s community look like? How can interested people help?
The team is composed of individuals with quite diverse backgrounds. We worked closely with beta testers, selected for their different levels of technical background. We are glad that most of them are pragmatic and submit themselves to majority voting. We are currently working on a standalone cross-platform application and 2fa-only firmware. We would love additional contributors!
Q: Which new features can we expect this year in the firmware or software of the Mooltipass project?
In addition to the points mentioned above, we are currently implementing secure small-file storage and smart database synchronisation.