<div dir="ltr"><div><div><div>Like Steve notes in his post, there hasn't been much harm done even tho' it's been easy to create your own passcode to whatever callsign (or not so much of a callsign) one desires.<br>
However, as already discussed in earlier threads here on APRSSIG, it might be bad for countries who already are on the gray zone, with the RF to Internet connection (or vice versa).<br></div>There is a hope however, it's called SSL. Via LOTW or similar methods.<br>
Which has already been tested and proven to work.<br><br></div>How to move the whole APRS community on to that idea, that's the real challenge...<br><br></div>Till that day, we'll have to accept the fact that the aprs passcode is not so much of a security against none-hams...<br>
<br></div><div class="gmail_extra"><br clear="all"><div><br>73 de TF2SUT - Samúel<br></div>
<br><br><div class="gmail_quote">On 28 March 2014 20:46, Steve Dimse <span dir="ltr"><<a href="mailto:steve@dimse.com" target="_blank">steve@dimse.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The first web page generator appeared less than three days after I published the algorithm on the aprssig. Many have come and gone over the years, often chased away through the harassment of self-appointed police that think they are making themselves useful. The generator program callpass has been in every version of aprsd since before I made the algorithm public (which was why I made it public); it is in xastir. Install either of these programs and type 'callpass k4hg' at the prompt and you get my code, 28817.<br>
<br>
This is nothing new, you never needed to write code.<br>
<br>
There is only one level of uselessness. Something is either useful or useless! ;-)<br>
<br>
But it is also important to remember that this was never intended to be cryptographically secure. I would have used more than 15 bits, even in the 90s! The purpose was to provide cover for the FCC rule that offered IGate operators shelter from responsibility for the contents of the message if it was known to come from a ham. In the absence of that proof the transmitting station assumes all regulatory liability for the contents of the transmitted message. That is why the passcode has been useless ever since aprsd included the source code for the algorithm.<br>
<br>
IGate operators have not had that shelter for many years, and nothing bad has happened. Knock on wood.<br>
<br>
Steve K4HG<br>
<div class="HOEnZb"><div class="h5"><br>
On Mar 28, 2014, at 4:08 PM, Stephen H. Smith <<a href="mailto:WA8LMF2@aol.com">WA8LMF2@aol.com</a>> wrote:<br>
<br>
> I was Googling for information on the APRS-IS today, and discovered that there are now numerous webpages that have interactive self-serve passcode generators for APRS-IS "validated" log-ins on them. Many will accept absolutely any random alphanumeric string such as tactical calls, CB handles, cipher groups or anything else.<br>
><br>
> Here are some of the ones I found:<br>
><br>
> <<a href="http://callpass.kf5jwc.us/" target="_blank">http://callpass.kf5jwc.us/</a>><br>
> This one DOES verify that the string entered is a real callsign.<br>
><br>
> <<a href="http://apps.magicbug.co.uk/passcode/index.php/passcode" target="_blank">http://apps.magicbug.co.uk/passcode/index.php/passcode</a>><br>
> This one will accept anything as input<br>
><br>
> If you don't want to go online to generate your passcode, this downloadable Windows program will do the job locally:<br>
><br>
> <<a href="http://blog.eagleflint.com/software-downloads/aprs-is-passcode-generator/" target="_blank">http://blog.eagleflint.com/software-downloads/aprs-is-passcode-generator/</a>><br>
><br>
> K4HG has been warning for ages that the APRS passcode scheme is totally non-secure, but it has now reached a new level of uselessness with these ready-to-run interactive pages and apps.<br>
><br>
> I.e. you no longer need to know how to translate the documented algorithm into actual program code in some language.<br>
><br>
><br>
> _____________________________________________________<br>
><br>
><br>
> --<br>
><br>
> Stephen H. Smith wa8lmf (at) <a href="http://aol.com" target="_blank">aol.com</a><br>
> Skype: WA8LMF<br>
> EchoLink: Node # 14400 [Think bottom of the 2-meter band]<br>
> Home Page: <a href="http://wa8lmf.net" target="_blank">http://wa8lmf.net</a><br>
><br>
><br>
> Long-Range APRS on 30 Meters HF<br>
> <a href="http://wa8lmf.net/aprs/HF_APRS_Notes.htm" target="_blank">http://wa8lmf.net/aprs/HF_APRS_Notes.htm</a><br>
><br>
> High Performance Sound Systems for Soundcard Apps<br>
> <a href="http://wa8lmf.net/ham/imic.htm" target="_blank">http://wa8lmf.net/ham/imic.htm</a><br>
> <a href="http://wa8lmf.net/ham/uca202.htm" target="_blank">http://wa8lmf.net/ham/uca202.htm</a><br>
><br>
> "APRS 101" Explanation of APRS Path Selection & Digipeating<br>
> <a href="http://wa8lmf.net/DigiPaths" target="_blank">http://wa8lmf.net/DigiPaths</a><br>
><br>
><br>
><br>
><br>
> _______________________________________________<br>
> aprssig mailing list<br>
> <a href="mailto:aprssig@tapr.org">aprssig@tapr.org</a><br>
> <a href="http://www.tapr.org/mailman/listinfo/aprssig" target="_blank">http://www.tapr.org/mailman/listinfo/aprssig</a><br>
<br>
_______________________________________________<br>
aprssig mailing list<br>
<a href="mailto:aprssig@tapr.org">aprssig@tapr.org</a><br>
<a href="http://www.tapr.org/mailman/listinfo/aprssig" target="_blank">http://www.tapr.org/mailman/listinfo/aprssig</a><br>
</div></div></blockquote></div><br></div>