Aaron Toponce atoponce

Crypto coffee
@atoponce
atoponce / keyboardPatternPasswords.js
Last active December 5, 2025 22:50
Generates secure passwords with at least 72 bits of symmetric security using patterns on the keyboard from different English layouts.
"use strict";
const COLEMAK = {
// top row
"`": ["1", "!"], get "~"() { return this["`"]; },
"1": ["`", "~", "2", "@", "q", "Q"], get "!"() { return this["1"]; },
"2": ["1", "!", "3", "#", "w", "W"], get "@"() { return this["2"]; },
"3": ["2", "@", "4", "$", "f", "F"], get "#"() { return this["3"]; },
"4": ["3", "#", "5", "%", "p", "P"], get "$"() { return this["4"]; },
"5": ["4", "$", "6", "^", "g", "G"], get "%"() { return this["5"]; },
@atoponce
atoponce / examples.md
Last active December 4, 2025 18:52
Best practices for examples in documentation

Reserved Examples

Below are examples for best practices that have been set aside specifically for writing documentation, fictional stories, source code, or anything else where an example needs to be given without the fear of resolving to an actual phone number, domain, website, etc.

Domain Names

In 1999, the IETF set aside the "example.com" domains in RFC 2606, updated in RFC 6761, specifically for documentation and source code. They include example.com, example.net, and example.org. The example.edu domain was added by ICANN in 2000. The ".example" top-level domain name has since been added explicitly for documentation purposes. While the pseudo-top-level domain ".local" carries no meaning, it is commonly deployed in multicast DNS, local DNS, and private networks. While it too could be used for documentation, it's better left alone in favor of the "example.com" and ".example" domains.

However, "test" [re

@atoponce
atoponce / unicode-space.zsh
Last active December 2, 2025 13:34
Print "white space" of various types to see how they look and behave in different terminal emulators for password generators.
#!/usr/bin/env zsh
#
# Released to the public domain
#
# - No C0 control codes, except:
# - \u0009: tab character
# - \u001C: file separator (largest)
# - \u001D: group separator
# - \u001E: record separator
# - \u001F: unit separator
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active November 23, 2025 22:45 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@atoponce
atoponce / rates.md
Last active November 20, 2025 11:13
Verifiable brute force strength rates across different projects

Verifiable brute force strength

Below is a table of various projects that can completely exhaust n bits of keyspace. In other words, counting completely and fully from 0 to 2ⁿ-1.

This Gist implies no discussion about how this is relevant to quantum computing using Grover's algorithm, meet-in-the-middle or birthday attacks, or anything of the like. It's strictly a Gist about raw speed, measuring the result in bits.

If you know of other noteworthy and verifiable brute force searching projects,

@atoponce
atoponce / index.js
Last active November 14, 2025 04:21
Very efficient type 4 UUID generator in vanilla JavaScript. Runs in ~7.81 cpb on an Intel Core i7-8650U @ 1.9 GHz.
const uuid = new UUID();
console.log(uuid.v4());
@atoponce
atoponce / k4.md
Last active October 31, 2025 11:11
No, ChatGPT didn't solve Kryptos 4

So you think ChatGPT solved K4? You're not the only one. First, here's the K4 ciphertext and clues:

                           OBKR
UOXOGHULBSOLIFBBWFLRVQQPRNGKSSO
TWTQSJQSSEKZZWATJKLUDIAWINFBNYP
VTTMZFPKWGDKZXTJCDIGKUHUAUEKCAR

Jim Sanborn, the creator of the sculpture and puzzle, has given us clues, revealing that characters:

@atoponce
atoponce / word-lists.md
Last active October 15, 2025 17:59
A list of notable and primarily English word lists that can be used for building passphrases.

Passphrase Word Lists

Introduction

This document outlines a number of different word lists for passphrase generation, encoding of binary data, and other uses. This document is grouped and sorted by the number of unique words in each word list, fewest unique words first.

Licensing Note

Some of these word lists are placed in the public domain, others are copyrighted with various licenses. Please refer to the license of each word

@atoponce
atoponce / 0-README.md
Last active October 2, 2025 05:45
Magic Hashes

Magic Hashes

Motivations

Calculating magic hashes for https://www.whitehatsec.com/blog/magic-hashes/. These strings should probably be put into a blacklist preventing users from using them as passwords to mitigate PHP evaluating hashes starting with "0e" as floats.

Probabilities

@atoponce
atoponce / README.md
Last active September 24, 2025 00:14
Proposed improvements to EFF's FANDOM wordlists

Proposed EFF Fandom Improvements

Contact

If there are any problems with the word lists, please reach out to me on Fosstodon [@atoponce][0].

Non-license

These word lists are released to the public domain. Enjoy.

Original Word List Problems