We have released a fix to address Android SecureRandom flaw and how it affects PPP for Android. Note that the flaw only affects the creation of new card sets when you use the randomly-generated sequence key PPP creates by default. Sequence keys generated by some other means should be unaffected. Please update to the latest version (BETA 2) as soon as possible. - Jeffrey Darlington, September 6, 2013
Based on Steve Gibson's implied endorsement of HOTP (HMAC-Based One-time Passwords), the open standard behind the popular Google Authenticator, it seems that development on the original Perfect Paper Passwords system has essentially stopped. Perhaps Mr. Gibson has come to the opinion that PPP is mature and has nowhere else to go, or perhaps he feels it has been eclipsed by HOTP. Personally, I can only guess at his opinions. That said, there has been no further improvements to PPP as a whole, and as such, I'm not certain how much more time I will devote to PPP for Android. I personally have stopped using PPP on my own sites in favor of HOTP and Google Authenticator. While I may still go through and implement some minor bug fixes and improvements, I may leave PPP for Android as it stands now for those who still find it useful. I will come to a more formal opinion on the application's fate sometime in the not too distant future. - Jeffrey Darlington, August 2, 2013
Current Release | 1.0 BETA 2 (Unofficial) |
---|---|
Date of Release | September 6, 2013 |
Next Release Milestone | 1.0.0 |
Date of Next Release | Not set |
Status of Development | On hold due to other priorities |
After Google Code disabled the ability to host downloadable files for projects, I placed a copy of the APK up on Google Drive. I have no idea if this is still necessary at GitHub, so I'll maintain the link for now and remove it later if necessary. The following link points to the latest version of the PPP download files hosted on Google Drive. The SHA-1 hash for each file can also be found below.
Download Type | SHA-1 Hash | Size |
---|---|---|
Android package (APK) | 048131507c2b2ab742360305b8c8aa1a157b4fd7 | 193kb |
Perfect Paper Passwords is a one-time password system developed by Steve Gibson of the Gibson Research Corporation. It provides a relatively simple, safe, and secure form of multi-factor authentication that virtually anyone can implement. This project's goal is to create a simple and intuitive PPP client for Android that mimics the "printed card" paradigm, generating PPP passcodes on the fly as they are needed while maintaining a history of used passcodes for reference.
This project uses code from the jPPP project by Kurt Nelson, which in turn is based a JME phone client by John Graham-Cumming. It also includes code taken from the Legion of the Bouncy Castle Java Crypto API, which is released under the MIT X11 License. The full source for the Bouncy Castle code can be obtained from their site.
This project is currently in BETA. There are no "official" builds yet; however, the code is rapidly approaching a stable state and testing input is always welcome. If you would like to help test PPP for Android, you may either download the beta from the Google Play Store or from the Download links here on this site. (Google Play installs have the advantage of automatic updates.) Alternatively, you may check out the source project via SVN from the Source tab and build it yourself. The source is a fairly standard Eclipse 3.6 ("Helios") project built using the official Android SDK and ADT Eclipse plugin. An official release build will likely be added once we think it's ready.
Please see our old wiki pages for additional documentation.