[aprssig] APRS-IS Passcode Has Become An Utter and Total Joke....

Samúel Úlfr Þór Guðjónsson tf2sut at ulfr.net
Fri Mar 28 17:11:12 EDT 2014


Like Steve notes in his post, there hasn't been much harm done even tho'
it's been easy to create your own passcode to whatever callsign (or not so
much of a callsign) one desires.
However, as already discussed in earlier threads here on APRSSIG, it might
be bad for countries who already are on the gray zone, with the RF to
Internet connection (or vice versa).
There is a hope however, it's called SSL. Via LOTW or similar methods.
Which has already been tested and proven to work.

How to move the whole APRS community on to that idea, that's the real
challenge...

Till that day, we'll have to accept the fact that the aprs passcode is not
so much of a security against none-hams...



73 de TF2SUT - Samúel


On 28 March 2014 20:46, Steve Dimse <steve at dimse.com> wrote:

> The first web page generator appeared less than three days after I
> published the algorithm on the aprssig. Many have come and gone over the
> years, often chased away through the harassment of self-appointed police
> that think they are making themselves useful. The generator program
> callpass has been in every version of aprsd since before I made the
> algorithm public (which was why I made it public); it is in xastir. Install
> either of these programs and type 'callpass k4hg' at the prompt and you get
> my code, 28817.
>
> This is nothing new, you never needed to write code.
>
> There is only one level of uselessness. Something is either useful or
> useless! ;-)
>
> But it is also important to remember that this was never intended to be
> cryptographically secure. I would have used more than 15 bits, even in the
> 90s! The purpose was to provide cover for the FCC rule that offered IGate
> operators shelter from responsibility for the contents of the message if it
> was known to come from a ham. In the absence of that proof the transmitting
> station assumes all regulatory liability for the contents of the
> transmitted message. That is why the passcode has been useless ever since
> aprsd included the source code for the algorithm.
>
> IGate operators have not had that shelter for many years, and nothing bad
> has happened. Knock on wood.
>
> Steve K4HG
>
> On Mar 28, 2014, at 4:08 PM, Stephen H. Smith <WA8LMF2 at aol.com> wrote:
>
> > I was Googling for information on the APRS-IS today, and discovered that
> there are now numerous webpages that have interactive self-serve passcode
> generators for APRS-IS "validated" log-ins on them.   Many will accept
> absolutely any random alphanumeric string such as tactical calls, CB
> handles, cipher groups or anything else.
> >
> > Here are some of the ones I found:
> >
> >     <http://callpass.kf5jwc.us/>
> >     This one DOES verify that the string entered is a real callsign.
> >
> >     <http://apps.magicbug.co.uk/passcode/index.php/passcode>
> >     This one will accept anything as input
> >
> > If you don't want to go online to generate your passcode, this
> downloadable Windows program will do the job locally:
> >
> > <
> http://blog.eagleflint.com/software-downloads/aprs-is-passcode-generator/>
> >
> > K4HG has been warning for ages that the APRS passcode scheme is totally
> non-secure, but it has now reached a new level of uselessness with these
> ready-to-run interactive pages and apps.
> >
> > I.e. you no longer need to know how to translate the documented
> algorithm into actual program code in some language.
> >
> >
> > _____________________________________________________
> >
> >
> > --
> >
> > Stephen H. Smith    wa8lmf (at) aol.com
> > Skype:        WA8LMF
> > EchoLink:  Node #  14400  [Think bottom of the 2-meter band]
> > Home Page:          http://wa8lmf.net
> >
> >
> > Long-Range APRS on 30 Meters HF
> >    http://wa8lmf.net/aprs/HF_APRS_Notes.htm
> >
> > High Performance Sound Systems for Soundcard Apps
> >   http://wa8lmf.net/ham/imic.htm
> >   http://wa8lmf.net/ham/uca202.htm
> >
> > "APRS 101"  Explanation of APRS Path Selection & Digipeating
> >  http://wa8lmf.net/DigiPaths
> >
> >
> >
> >
> > _______________________________________________
> > aprssig mailing list
> > aprssig at tapr.org
> > http://www.tapr.org/mailman/listinfo/aprssig
>
> _______________________________________________
> aprssig mailing list
> aprssig at tapr.org
> http://www.tapr.org/mailman/listinfo/aprssig
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tapr.org/pipermail/aprssig_lists.tapr.org/attachments/20140328/bd750ade/attachment.html>


More information about the aprssig mailing list