@atoponce
atoponce / index.html
Last active Apr 19, 2019
JavaScript entropy proof-of-concept
View index.html
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>JavaScript Entropy Proof-of-Concept</title>
<script language='javascript'>
// the main cryptographic object
const crypto = window.crypto || window.msCrypto;
// collect cryptographic quality randomness
var entropy = new Uint32Array(8);
@atoponce
atoponce / examples.md
Last active Apr 5, 2019
Best practices for examples in documentation
View examples.md

Reserved Examples

Below are examples for best practices that have been set aside specifically for writing documentation, fictional stories, source code, or anything else where an example needs to be given without the fear of resolving to an actual phone number, domain, website, etc.

Domain Names

In 1999, the "example.com" domains were set aside by the IETF in RFC 2606 specifically for documentation and source code. They include example.com, example.net, and example.org. The example.edu domain was added by ICANN in 2000. Later, the ".example" top-level domain name was added explicitly for documentation purposes.

While the pseudo-top-level domain ".local" carries no meaning, it is commonly deployed in multicast DNS, local DNS, and private networks. While it too could be used for documentation, it's better left alone in favor of the "example.com" and ".example" domains.

Example

If you wanted to document getting a specific resource via a REST API

@atoponce
atoponce / README.md
Created Aug 31, 2018
Proposed improvements to EFF's FANDOM wordlists
View README.md

There are some text encoding errors in the initial EFF word lists:

Game of Thrones:

  • 5-15-4 & 15-15-4: "donÕt" in txt, "don’t" in PDF (non-ASCII apostrophe)
  • 9-20-18 & 19-20-18: "m?ole" in txt, 'mole' in PDF (0x0a between "m" and "o")
  • 4-9-3 & 14-9-3: "weÕre" in txt, "we’re" in PDF (non-ASCII apostrophe)
  • 6-19-20 & 16-19-20: "Òfuck" in txt, "“fuck" in PDF (non-ASCII double-quote)

Assuming "don't" in 5-15-4/15-15-4 and "we're" in 4-9-3/14-9-3, I removed those entries, as there are no other word contractions anywhere else in any of the lists.

@atoponce
atoponce / readme.md
Last active Dec 5, 2018
Password generation in the shell
View readme.md

Simple Shell Password Generation

Using just the shell, with either built-in tools or 3rd party generators, to build passwords with at least 70 bits of entropy (1 in at least 1,180,591,620,717,411,303,424 possibilities).

Each provides its own advantages and disadvantages.

Built-in Tools

All graphical keyboard characters

All possible 94 graphical characters (not the <Space> or <Tab>) are

@atoponce
atoponce / README.md
Created Jul 30, 2018
Extracting entropy from mouse movement events
View README.md

Extracting Entropy From Mouse Movement Events

Here are my findings of entropy extraction estimates from mouse movement events in the browser. Tables below show the results sorted by the minimum entropy extraction. Timing events, keyboard events, and other potential sources of entropy that can be collected from the user are not considered here.

A [visual representation][1] of slow, medium, and fast mouse movements can help visualize why the entropy estimation increases as the mouse velocity increases. The recorded data was plotted with Gnuplot as follows:

@atoponce
atoponce / bias.py
Last active Jul 7, 2018
Some solutions removing bias from loaded dice
View bias.py
#!/usr/bin/python
import random
# Simple script to simulate biased throws of a single d6 die.
# bias should sum to 1
# pips ( 1, 2, 3, 4, 5, 6 )
BIAS = (0.125, 0.125, 0.25, 0.25, 0.125, 0.125)
@atoponce
atoponce / trump.js
Created Jun 8, 2018
Uncut Trump passphrase wordlist
View trump.js
"#",
"$",
"0",
"1",
"2",
"3",
"4",
"5",
"6",
"7",
@atoponce
atoponce / index.html
Created Jun 6, 2018
Twemoji font testing
View index.html
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Emoji Font Test</title>
<style>
@font-face {
font-family: "emoji";
src: url("./fonts/TwitterColorEmoji-SVGinOT.ttf") format("truetype");
}
@atoponce
atoponce / random.js
Last active Mar 11, 2018
Uniform random number generators
View random.js
// Citation: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random
/*
* Getting a random number from [0, max)
*/
// DO THIS (unbiased)
function getRandomInt(max) {
var low = (-max >>> 0) % max;
do { var n = Math.random() * 0x100000000 >>> 0; } while(n < low);
View jp_hiragana.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
# This word list has included material from the JMdict (EDICT, etc.)
# dictionary files in accordance with the licence provisions of the
# Electronic Dictionaries Research Group, and is covered under their
# Creative Commons Attribution-ShareAlike Licence.
#
# http://www.edrdg.org/edrdg/licence.html
#