Order Tray | Contact Us | Home | SIG Lists

[aprssig] APRS-IS Passcode Generator On-Line

Matti Aarnio oh2mqk at sral.fi
Mon Aug 9 21:01:29 UTC 2010


On Mon, Aug 09, 2010 at 12:25:13PM -0700, Stephen H. Smith wrote:
> 
>  Further, I have now noticed that if you Google for either "APRS
> password"  or "APRS passcode" , this site is the very first hit.
> 

Dear OM,

  Are you trying to tell that the "secret handshake" that has been quite
public knowledge since mid 1990es should be made secret again, and such
pass-code generators are to be eradicated from the internet?

If the intention were to have a real secret and _secure_ pass-code,
it could use Digest-MD5 algorithm, or something of its like where
"shared user secret" ( = "password" ) is not stored in plaintext
in the database, nor is it recoverable.   But the APRS-IS is really
not worth the secure identity federation technology, or even a storage
of secure passwords.

For that matter,  my  Aprx  does NOT have a way to enter the passcode
in the configuration.  It calculates the correct code internally, and
authenticates with it to APRS-IS.  You just give it the "mycall" parameter.
Just one thing less to get wrong.

Of course unlicensed users will hop in when such is possible.
Are they doing it so much that it really is trouble?  Some trucks in
USA abusing APRS every now and then, but they are on RF, not with
APRS-IS connection.

Would a requirement of authenticating with LotW user certificate
to APRS-IS guarantee the iGate to be fully licensed in any way?

Lets not get deep into the question of identity proofs..  APRS is a
ham-radio hobby, and we tend to trust when somebody says he is WA8LMF.
We trust that without running whole plethora of background checks.
If the name (or callsign) is well known, we probably will not do any
checks of the identity at all.

  73 de Matti Aarnio, OH2MQK

> 
> On 8/7/2010 9:04 PM, Stephen H. Smith wrote:
> > While studying stats for my website last night, I discovered that
> >this address was producing referals to my site:
> >
> ><http://wiki.github.com/ge0rg/aprsdroid/>
> >
> >It's apparently an app to inject basic APRS-format posits into the
> >APRS-IS from any Android-based cellphone.  In turn, the page not
> >only linked to my APRS Symbols page at:
> >
> ><http://wa8lmf.net/aprs/APRS_symbols.htm>
> >
> >but also to a completely self-serve generator for APRS-IS passcodes at:
> >
> ><http://zielkeassociates.com/~jack/aprs-xo/aprspass/>
> >
> >
> >(You have to click through the link "Settings" on the first page
> >above to get to a second page
> >
> ><http://wiki.github.com/ge0rg/aprsdroid/settings>
> >
> >that has the next two links on it.)
> >
> >Interestingly, the passcode generator will spit out APRS pass
> >codes for any string of characters (not just real callsigns) so
> >one can create IS passcodes for tactical callsigns......
> >
> >-------------------------------------------------------------------------------
> >
> >Stephen H. Smith    wa8lmf (at) aol.com
> >EchoLink Node:      WA8LMF  or 14400    [Think bottom of the 2M band]
> >Skype:        WA8LMF
> >Home Page:          http://wa8lmf.net



More information about the aprssig mailing list