My brother and I have recently published an application to the Android Market that implements the mimics the Mobile-OTP reference implementation. I am proud of this for two reasons:
1. This is my first application into the android market.
2. I believe the features of this applications are better than the other MobileOTP clients I have seen thus far.
Our implementation allows for multiple profiles; essentially this allows a user to store credentials for multiple servers. Also, instead of remembering codes such as "#**#" to initialize a device, our client has easy to navigate menus that follow traditional Android applications' feel.
Here are some links
Subscribe to:
Post Comments (Atom)
15 comments:
We've been using this to test http://www.dynalogin.org an open source HOTP solution for OpenID. In fact, I'm even using the OpenID component, authenticated by mOTP, to post this comment.
@daniel
I am glad that you are able to enjoy of this application. If you have any questions, please feel free to contact me, and I will attempt to help you.
your application looks great but i think it has a big security problem: the secret key is shown every time i go into the profiles. i think it should only be shown once after initialization and once i am out of the profiles screen it should not show again.
with the secret key shown, the attacker only needs to guess the pin code to gain access
@ענת
You are referring to when you attempt to edit a profile that the secret is visible? I can remove this, but we will lose the edit functionality. I thought that this wasn't a terrible idea because one-time passwords are often part of a multi-factor authentication system where they represent the something you have property. If someone is able to take that something, they still don't have credentials to login. Also, you are supposed to protect the something that you have. Please feel free to comment below and I will consider removing edit functionality.
your application is great but i don`t know it was develop by application environment? Can you please let me know? Thanks a lot of.
@TieuBach
I am having difficulty understanding what you wrote. With my current understanding of your question, this application was written to work with the open standards HOTP, TOTP, and mOTP. This application will work in any environment where these open standards are used. If you are questioning which application environment this application was written for, it was written for the Android platform.
your application looks great but i think it has a small problem. Can you remove 20 length seed limitation? thank you. because my seed less than 20 characters...
@Pingping Shieh
Unfortunately I don't have my environment set up for Android development so I cannot fix the issue for you. I am curious why your seed is not 20 characters. According to all implementations I've seen, 20 is the limit. Are you sure you are using mOTP and not HOTP, TOTP, or some other one time password implementation? Have you looked over http://motp.sourceforge.net/ for some other implementation that might suit your needs that doesn't have the 20 limitation?
Unfortunately your app appears to be "incompatible with my HTC Wildfire" and is not available for me to download.
Any suggestions?
Chris
@Chris Davies
What version of Android are you running? mOTP requires Android version 1.1 or greater to run. Are you given a particular error message when trying to install the application? what region are you in? Are you trying the link from here:
https://play.google.com/store/apps/details?id=org.cry.otp
hi chris, your apps looks great, do you have any documentation about this apps, thanks
@kirimkejp
Unfortunately I have not had time to create thorough documentation for this application. Essentially it supports many different implementations of one time password algorithms. Do you have any particular questions that you would like to help you with?
I'd also like to see a little basic documentation. For example - whilst "playing" I've created a profile. Can profiles be deleted? How? I never recorded the string of seed characters, the Android device (a Promate LumiTab) got confused with keyboard entry - touch screen went wonky.
Post a Comment