Table of Contents
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
This app use AFSK demodulated data as random seeds for each char, use LCG + one more random layer as PRNG algorithms to generate passwords.
In theory if the quality of seeds (which is from mostly radio noise) is good enough, then the password randomization would be good enough. But usually they are not, or we don’t know, or they do but not stable. So even if this is more secure than many other PRNG generators, in the best case it even can be considered as TRNG generators, don’t use this at high security scenes, for example money-related things.
All the “send” button/checkbox in this app means send via serial async messages, check serial page in this wiki for more details.
Flood mode is from streaming generated code, this will always streaming into serial, alternatively you can check the savin checkbox to save generated codes and seeds. Keep in mind that with seeds, you can generated same code with proper PRNG, so they are same level of security, don’t leak them.
Each shuffle algo and what it can bring you
There are two dimensions of password safety:
- Entropy: When you generate mass of password, it should split evenly in the possible space, that controls password quality. In this app, the only entropy provider is the demodulated AFSK data. the LCG/ sha-512/ shuffle algo won't bring more entropy.
- Randomness: It controls how many total possibilities can be generated. In this app, the only randomness provider is the "each digits using different seed in the buffer" algorithm, which spread the total possible combination into the max value of possibility: (CHARNUMBER)^{DIGITS}.
| Algo / Source | Bring Entropy ? | Bring Randomization ? | Bring difficult to reverse calculation ? | Made it harder to Brute-Force ? | Time Complexity and Space Complexity |
|---|---|---|---|---|---|
| Use time as seeds to pick a random frequency with LCG to fetch AFSK data | 🚫 | ✅ | 🚫 | 🚫 | O(1) - O(1) |
| The original demodulated AFSK data as seeds | ✅ | 🚫 | 🚫 | 🚫 | O(1) - O(1) |
| Each digits using different seed in the buffer | ✅ | 🚫 | 🚫 | ✅ | O(n^DITIGS_NUMBER) - O(n^DITIGS_NUMBER) |
| The LCG PRNG algo inside of cpp STL | 🚫 | ✅ | 🚫 | 🚫 | O(n) - O(1) |
| Shuffle with two groups of seeds | 🚫 | ✅ | 🚫 | ✅ | O(n) - O(n) |
| The SHA-512 hash algo | 🚫 | ✅ | ✅ | 🚫 | O(n) - O(1) |
| Result | ✅ x 2 | ✅ * 4 | ✅ * 1 | ✅ * 2 |
How to collaborate
How to ask questions correctly
User manual
- First steps
- Usage cautions
- Intended use and Legality
- Features
- PortaPack Versions (which one to buy)
- HackRF Versions
- Firmware update procedure
- Description of the hardware
- User interface
- Powering the PortaPack
- Troubleshooting
- Applications
Developer Manual
- Compilation of the firmware
- Compile on WSL with ninja
- How to compile on Windows faster with WSL 2
- Using Docker and Kitematic
- Docker command-line reference
- Using Buddyworks and other CI platforms
- Notes for Buddy.Works (and other CI platforms)
- Using ARM on Debian host
- All in one script for ARM on Debian host
- Compile on Arch based distro (exclude Asahi)
- Dev build versions
- Notes About ccache
- Create a custom map
- Code formatting
- PR process
- Description of the Structure
- Software Dev Guides
- Tools
- Research
- UI Screenshots
- Maintaining
- Creating a prod/stable release (Maintainers only)
- Maintaining rules
- Development States Notes
Note
The wiki is incomplete. Please add content and collaborate.
Important
- This is a public wiki. Everything is visible to everyone. Don't use it for personal notes.
- Avoid linking to external tutorials/articles; they may become outdated or contain false information.