Tag Archives: encryption


Mooltipass: An offline password keeper

In today’s digital world, password management has become an indispensable and challenging part of our lives. No matter is it our online banking, social media, email, restaurant, utilities, or remote server account, every web-interaction these days requires you to create a strong, non-repetitive, and frequently-changed  password to login to the system. With growing number of online accounts and their strong password policies, keeping track of the passwords is getting annoying and harder. Choosing the same password for multiple accounts puts your entire online identity at risk if that password is compromised. To address this password problem, Hackaday introduces a new piece of open-source hardware, called Mooltipass, which is a secure offline password keeper.

Mooltipass can generate and safely store strong and unique passwords for each website you use. It is a standalone USB device compatible with PCs, MACs, and smartphones, and emulates a standard USB keyboard when connected. When you visit a website and login is required, it enters your credentials with your confirmation. A personal PIN-locked smartcard is used to store the encryption key for your credentials, thus making sure that only you can get access to them. Last but not least, the Mooltipass offline password keeper also contains plugin headers to incorporate standard Arduino shields to further expand its capabilities.

To get Mooltipass into mass production, Hackaday is currently running a crowd-funding campaign on Indiegogo with half of the target ($109,112) being already made in a week. Good luck to the Mooltipass team for the success of their campaign.

Mooltipass, an offline password keeper

Mooltipass, an offline password keeper

MAXIM’s DeepCover MAXQ1050 Secure Microcontroller to protect your embedded systems from Malware

Malware injection has become a critical threat to embedded systems. Implementing an asymmetric cryptography-based secure boot is the best protection against this class of attacks. This application note from MAXIM describes the key principles of such a secure boot and explains how to implement it with the DeepCover® MAXQ1050 secure microcontroller.

DeepCover Secure Microcontroller

Embedded systems security is a growing concern. There are new attacks on embedded systems every day, including on systems involved with health or safety. One type of attack is malware injection, the insertion of malicious code into a webpage. Once an attacker has succeeded in making a device run a fraudulent piece of software, this unauthorized software can:
  • Send confidential data externally. If used in the medical industry, malware injection could cause devices (such as a portable ECG) to inadvertently transmit personal health information. In perhaps a more wide-reaching effort, malicious software could make an encryption key to accessible to the public.
  • Force the device to operate incorrectly. A famous example of this is the Stuxnet virus, which after infecting programmable logic controllers (PLCs), forced centrifuges to run at different speeds than expected.
  • Induce an unpredictable device behavior. This includes behaviors that could threaten human life.
A properly secured boot process allows only authorized software to run on a given device. It thus prevents malware injection, even during update phases. To bring a high level of trust, a secure boot must rely on proven cryptographic algorithms. This, however, creates several challenges:
  • The most appropriate algorithms are asymmetric ones, which require intensive computing power.
  • The keys associated with these algorithms must be protected.
  • The implementation must be flawless.
In many systems, these requirements can be challenging to implement. However, adding a secure microcontroller as a coprocessor like the MAXQ1050 can efficiently support a secure boot implementation while guaranteeing a very high level of security.