[aprssig] APRS-IS Passcode Has Become An Utter and Total Joke....

Stephen H. Smith wa8lmf2 at aol.com
Fri Mar 28 16:08:38 EDT 2014

I was Googling for information on the APRS-IS today, and discovered that there 
are now numerous webpages that have interactive self-serve passcode generators 
for APRS-IS "validated" log-ins on them.   Many will accept absolutely any 
random alphanumeric string such as tactical calls, CB handles, cipher groups or 
anything else.

Here are some of the ones I found:

      This one DOES verify that the string entered is a real callsign.

      This one will accept anything as input

If you don't want to go online to generate your passcode, this downloadable 
Windows program will do the job locally:


K4HG has been warning for ages that the APRS passcode scheme is totally 
non-secure, but it has now reached a new level of uselessness with these 
ready-to-run interactive pages and apps.

I.e. you no longer need to know how to translate the documented algorithm into 
actual program code in some language.



Stephen H. Smith    wa8lmf (at) aol.com
Skype:        WA8LMF
EchoLink:  Node #  14400  [Think bottom of the 2-meter band]
Home Page:          http://wa8lmf.net

  Long-Range APRS on 30 Meters HF

High Performance Sound Systems for Soundcard Apps

"APRS 101"  Explanation of APRS Path Selection & Digipeating

More information about the aprssig mailing list