How To Crack A Tripcode
From Wikipedia, the free encyclopedia
A tripcode is a means of telecommunicationauthenticationthat does not require registration. Tripcodes are most often usedin 2channel-style message boards or Futaba Channel-style imageboards. A tripcodeis a hashed password by which a person can be identified byothers.
Apr 11, 2012 - We were gonna set up a distributed tripcode cracking system and crack every tripcode, but then we realized that would require more storage. Users who choose to forsake their anonymity and adopt a username, or tripcode. However previously was a 'serious poster' his trip was cracked and after.
A tripcode is the result of input to a cryptographic hash functionon the message board server, usually entered in the same field asthe name. Using the common 2channel format,name#tripcode
when entered as a username becomesname!3GqYIJ3Obs
when displayed in the post. The!
is the separator between name and tripcode; on someboards it is replaced with ◆
. [1]
Readers of the board can identify postings made by the same userby comparing tripcodes. If two people use the same user name, theycan be told apart because they, presumably, don't know each other'spasswords that generate the different tripcodes. This way, thenames and passwords don't have to be stored in a database. As many boards usethe same algorithm, tripcodes are usually consistent.
Contents
|
Description of thealgorithm
The tripcode function works as follows:
- Convert the input to Shift JIS.
- Generate the salt as follows:
- Take the second and third characters of the string obtained byappending H. to the end of the input.
- Replace any characters not between . and zwith ..
- Replace any of the characters in :;<=>?@[]^_`with the corresponding character from ABCDEFGabcdef.
- Call the crypt()function with the input and salt.
- Return the last 10 characters. (compressional dataharvest)
Since this is merely a de facto standard, actualimplementations vary widely. Most noticeably, many implementationssubstitute various characters with their HTML entities. Forexample, 2channel translates <, >, and' to <, >, and".[2] Otherimplementations also replace other characters, e.g.& and '. However, this behavior waslikely due to a bug in the original implementation, and since eachboard has different behavior it should not be considered part ofthe algorithm. Further, some boards don't perform the Shift JISconversion. Lastly, as a historical note, the originalimplementation only used the last 8 characters, but this has beenfully replaced by 10-character tripcodes.
Securetripcodes
Apx cps programming software. Tripcodes are not a very secure authentication method. Since thekeyspace of 2channel-style tripcodes is notvery large (slightly larger than 256) some boardsimplement a secure tripcode along with normal tripcodes.In their case another hash is used that takes a second input(typically in the form of name##securetripcode
orname#tripcode#securetripcode
) and uses a secret saltstored on the server. As this salt is secret and site specific onecannot use a pre-computed preimage attack such as rainbow tables.
One of the drawbacks of secure tripcodes is that they arespecific to a single imageboard or discussion board. Because ofthis, a user cannot verify his or her identity across multipleboards or websites unless each board happens to use the same secretsalt as well as the same method of generating and displaying securetripcodes. Coupled with the fact that it is fairly rare that a usergoes through the trouble of discovering another user's tripcodestring, many users opt to use normal tripcodes.
Tripcode Explorer
References
- ^2channel FAQ(Japanese)
- ^http://wakaba.c3.cx/soc/kareha.pl/1100499906/520,522