[aprssig] APRS-IS Passcode Has Become An Utter and Total Joke....

Stephen H. Smith wa8lmf2 at aol.com
Fri Mar 28 16:08:38 EDT 2014


I was Googling for information on the APRS-IS today, and discovered that there 
are now numerous webpages that have interactive self-serve passcode generators 
for APRS-IS "validated" log-ins on them.   Many will accept absolutely any 
random alphanumeric string such as tactical calls, CB handles, cipher groups or 
anything else.

Here are some of the ones I found:

      <http://callpass.kf5jwc.us/>
      This one DOES verify that the string entered is a real callsign.

      <http://apps.magicbug.co.uk/passcode/index.php/passcode>
      This one will accept anything as input

If you don't want to go online to generate your passcode, this downloadable 
Windows program will do the job locally:

<http://blog.eagleflint.com/software-downloads/aprs-is-passcode-generator/>

K4HG has been warning for ages that the APRS passcode scheme is totally 
non-secure, but it has now reached a new level of uselessness with these 
ready-to-run interactive pages and apps.

I.e. you no longer need to know how to translate the documented algorithm into 
actual program code in some language.


_____________________________________________________


--

Stephen H. Smith    wa8lmf (at) aol.com
Skype:        WA8LMF
EchoLink:  Node #  14400  [Think bottom of the 2-meter band]
Home Page:          http://wa8lmf.net


  Long-Range APRS on 30 Meters HF
     http://wa8lmf.net/aprs/HF_APRS_Notes.htm

High Performance Sound Systems for Soundcard Apps
    http://wa8lmf.net/ham/imic.htm
    http://wa8lmf.net/ham/uca202.htm

"APRS 101"  Explanation of APRS Path Selection & Digipeating
   http://wa8lmf.net/DigiPaths







More information about the aprssig mailing list