[aprssig] More secure passcodes for APRS-IS?
Øyvind Hanssen
la7eca at hans.priv.no
Thu Apr 3 09:17:47 EDT 2025
I have observed some cases of abuse of the APRS-IS network. It is too
easy to post disinformation or to do DOS attacks, etc. Also, everyone
can read the APRS-IS data stream. Maybe there are local APRS-IS networks
that need a more restrictive access policy?
The verification scheme is not designed to be secure. It is a simple
hash of the username (callsign). Alternatively we might use SSL/TLS when
making connections to APRS-IS nodes, but it is more complex to handle
and not all software support it. It is necessary to have a CA that
issues certificates, etc. etc. .
What about a more secure hashing scheme? Using a secret + the username
to generate a hash. HMAC (possibly with SHA-256) is a de facto standard
and more secure than a simple hashing scheme. Hashes can be truncated
and base-64 encoded. If existing software can use e.g. a 16 character
code instead of the 4-digit (16bit) passcodes without modification, it
may be something? Also, such a scheme does not encrypt content. If that
is a requirement, maybe SSL/TLS is better.
It is not a proof of identity, but is a proof that you either know the
secret or someone who does, has granted you access. Only
passcode-issuers and APRS-IS nodes need to know the secret. The risk is
of course that the secret is leaked and it may be rather cumbersome if
it must be renewed.
73
LA7ECA, Øyvind
More information about the aprssig
mailing list