Skip to content

Instantly share code, notes, and snippets.

View atoponce's full-sized avatar
Crypto coffee

Aaron Toponce atoponce

Crypto coffee
116 followers · 16 following
View GitHub Profile
@atoponce
atoponce / log.txt
Created June 26, 2019 22:53
Testing negotiated MACs with OpenSSH 7.9
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
---
debug1: kex: server->client cipher: aes128-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: [email protected] compression: none
---
debug1: kex: server->client cipher: aes192-ctr MAC: [email protected] compression: none
debug1: kex: client->server cipher: aes192-ctr MAC: [email protected] compression: none
---
debug1: kex: server->client cipher: aes256-ctr MAC: [email protected] compression: none
@atoponce
atoponce / gist:983b287af496338954942da5d612176d
Last active May 8, 2019 02:43
Show the differences betwen various base-32 encoding schemes. Alphanumeric order used to show what's missing in each.
RFC 2938: 0123456789ABCDEFGHIJKLMNOPQRSTUV : Preserves hex bitwise sort order
RFC 4648: 234567 ABCDEFGHIJKLMNOPQRSTUVWXYZ: 8/B, 9/g, 0/O, and 1/I ambiguity
Crockford: 0123456789ABCDEFGH JK MN PQRST VWXYZ: 0/O and 1/I/L ambiguity
Geohash: 0123456789 BCDEFGH JK MN PQRSTUVWYYZ: 0/O and 1/I/L ambiguity. No "A"
z-base-32: 1 3456789ABCDEFGHIJK MNOPQRSTU WXYZ: human ease-of-use
@atoponce
atoponce / index.html
Last active January 28, 2021 21:43
JavaScript entropy proof-of-concept
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>JavaScript Entropy Proof-of-Concept</title>
<script language='javascript'>
function draw_disco(s) {
const canvas = document.getElementById('canvas')
const context = canvas.getContext('2d')
const radius = 30
@atoponce
atoponce / examples.md
Last active June 23, 2023 18:15
Best practices for examples in documentation

Reserved Examples

Below are examples for best practices that have been set aside specifically for writing documentation, fictional stories, source code, or anything else where an example needs to be given without the fear of resolving to an actual phone number, domain, website, etc.

Domain Names

In 1999, the "example.com" domains have been set aside by the IETF in RFC 2606 and updated in RFC 6761 specifically for documentation and source code. They include example.com, example.net, and example.org. The example.edu domain was added by ICANN in 2000. Later, the ".example" top-level domain name has since been added explicitly for documentation purposes. While the pseudo-top-level domain ".local" carries no meaning, it is commonly deployed in multicast DNS, local DNS, and private networks. While it too could be used for documentation, it's better left alone, and to use the "example.com" and ".example" domains.

However, "test" [re

@atoponce
atoponce / README.md
Last active June 20, 2024 01:30
Proposed improvements to EFF's FANDOM wordlists

Proposed EFF Fandom Improvements

Contact

If there are any problems with the word lists, please reach out to me on Fosstodon [@atoponce][0].

Non-license

These word lists are released to the public domain. Enjoy.

Original Word List Problems

@atoponce
atoponce / readme.md
Last active October 17, 2020 16:53
Password generation in the shell

Simple Shell Password Generation

Just using the shell, either with built-in tools, or 3rd party generators, for building passwords with at least 70-bits of entropy (1 in at least 1,180,591,620,717,411,303,424 possibilities).

Each provide their own advantages and disadvantages.

Built-in Tools

All graphical keyboard characters

All possible 94 graphical characters (not the or) are

@atoponce
atoponce / README.md
Created July 30, 2018 20:30
Extracting entropy from mouse movement events

Extracing Entropy From Mouse Movement Events

Here are my findings of entropy extraction estimates from mouse movement events in the browser. Tables below show the results sorted by the minimum entropy extraction. Timing events, keyboard events, and other potential sources of entropy that can be collected from the user are not considered here.

A [visual representation][1] of slow, medium, and fast mouse movements can help visualize why the entropy estimation increases as the mouse velocity increases. The recorded data was plotted with Gnuplot as follows:

@atoponce
atoponce / bias.py
Last active November 2, 2024 18:21
Some solutions removing bias from loaded dice
#!/usr/bin/python3
import random
# Simple script to simulate biased throws of a single d6 die.
# bias should sum to 1
# pips ( 1, 2, 3, 4, 5, 6 )
BIAS = (0.125, 0.125, 0.25, 0.25, 0.125, 0.125)
@atoponce
atoponce / trump.js
Created June 8, 2018 01:30
Uncut Trump passphrase wordlist
"#",
"$",
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
@atoponce
atoponce / index.html
Created June 6, 2018 22:56
Twemoji font testing
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Emoji Font Test</title>
<style>
@font-face {
font-family: "emoji";
src: url("./fonts/TwitterColorEmoji-SVGinOT.ttf") format("truetype");
}