Skip to content

Instantly share code, notes, and snippets.

Aaron Toponce atoponce

Block or report user

Report or block atoponce

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gist:983b287af496338954942da5d612176d
Show the differences betwen various base-32 encoding schemes. Alphanumeric order used to show what's missing in each.
RFC 2938: 0123456789ABCDEFGHIJKLMNOPQRSTUV : Preserves hex bitwise sort order
RFC 4648: 234567 ABCDEFGHIJKLMNOPQRSTUVWXYZ: 8/B, 9/g, 0/O, and 1/I ambiguity
Crockford: 0123456789ABCDEFGH JK MN PQRST VWXYZ: 0/O and 1/I/L ambiguity
Geohash: 0123456789 BCDEFGH JK MN PQRSTUVWYYZ: 0/O and 1/I/L ambiguity. No "A"
z-base-32: 1 3456789ABCDEFGHIJK MNOPQRSTU WXYZ: human ease-of-use
atoponce / index.html
Last active Apr 26, 2019
JavaScript entropy proof-of-concept
View index.html
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>JavaScript Entropy Proof-of-Concept</title>
<script language='javascript'>
atoponce /
Last active Apr 5, 2019
Best practices for examples in documentation

Reserved Examples

Below are examples for best practices that have been set aside specifically for writing documentation, fictional stories, source code, or anything else where an example needs to be given without the fear of resolving to an actual phone number, domain, website, etc.

Domain Names

In 1999, the "" domains have been set aside by the IETF in RFC 2606 specifically for documentation and source code. They include,, and The domain was added by ICANN in 2000. Later, the ".example" top-level domain name has since been added explicitly for documentation purposes.

While the pseudo-top-level domain ".local" carries no meaning, it is commonly deployed in multicast DNS, local DNS, and private networks. While it too could be used for documentation, it's better left alone, and to use the "" and ".example" domains.


If you wanted to document getting a specific resource via a REST API

atoponce /
Last active Jun 8, 2019
Proposed improvements to EFF's FANDOM wordlists

Proposed EFF Fandom Improvements


If there are any problems with the word lists, please reach out to me on Twitter [@AaronToponce][0].

Original Word List Problems

The [initial EFF word lists][1] have several problems:

  1. The word lists are not alphabetical for visual inspection.
atoponce /
Last active Dec 5, 2018
Password generation in the shell

Simple Shell Password Generation

Just using the shell, either with built-in tools, or 3rd party generators, for building passwords with at least 70-bits of entropy (1 in at least 1,180,591,620,717,411,303,424 possibilities).

Each provide their own advantages and disadvantages.

Built-in Tools

All graphical keyboard characters

All possible 94 graphical characters (not the <Space> or <Tab>) are

atoponce /
Created Jul 30, 2018
Extracting entropy from mouse movement events

Extracing Entropy From Mouse Movement Events

Here are my findings of entropy extraction estimates from mouse movement events in the browser. Tables below show the results sorted by the minimum entropy extraction. Timing events, keyboard events, and other potential sources of entropy that can be collected from the user are not considered here.

A [visual representation][1] of slow, medium, and fast mouse movements can help visualize why the entropy estimation increases as the mouse velocity increases. The recorded data was plotted with Gnuplot as follows:

atoponce /
Last active Jul 7, 2018
Some solutions removing bias from loaded dice
import random
# Simple script to simulate biased throws of a single d6 die.
# bias should sum to 1
# pips ( 1, 2, 3, 4, 5, 6 )
BIAS = (0.125, 0.125, 0.25, 0.25, 0.125, 0.125)
atoponce / trump.js
Created Jun 8, 2018
Uncut Trump passphrase wordlist
View trump.js
atoponce / index.html
Created Jun 6, 2018
Twemoji font testing
View index.html
<!doctype html>
<meta charset="utf-8">
<title>Emoji Font Test</title>
@font-face {
font-family: "emoji";
src: url("./fonts/TwitterColorEmoji-SVGinOT.ttf") format("truetype");
atoponce / random.js
Last active Mar 11, 2018
Uniform random number generators
View random.js
// Citation:
* Getting a random number from [0, max)
// DO THIS (unbiased)
function getRandomInt(max) {
var low = (-max >>> 0) % max;
do { var n = Math.random() * 0x100000000 >>> 0; } while(n < low);
You can’t perform that action at this time.