Trip code

from Wikipedia, the free encyclopedia
This article is not adequately provided with supporting documents (for example individual proofs ). Information without sufficient evidence could be removed soon. Please help Wikipedia by researching the information and including good evidence.
Completely unoccupied article! - DF5GO 18:23, Jul 25, 2012 (CEST)
A post in a Swedish imageboard with a trip key identical to the user name (dark blue) and the resulting trip code (red)

Tripcodes ( Japanese ト リ ッ プ , Torippu ) are an authentication method that does not require registration. They are mostly used on text boards such as 2channel or image boards .

A trip code is generated by the server from a password (trip key) using a cryptological hash function . The password is usually entered together with the user name in a common input field. An entry in the usual 2channel format username#tripcodethen appears in the post username!3GqYIJ3Obs. This #serves as a separator between username and password and !between username and trip code. In some boards, a is shown instead of the latter . In order to make counterfeiting more difficult, the user name and trip code are often presented in different formats, e.g. B. the username in bold.

People reading a board can identify posts made by the same user by comparing tripcodes. Since it is unlikely that two people with the same username will use the same password, the tripcodes can tell them apart.

One advantage of tripcodes is that neither the user names nor the passwords have to be stored in any way on the server. Since most boards use the same tripcode algorithm, users can also authenticate across websites.

Example implementation

The code for generating trip codes in the classic 2channel style in Perl using DES as the hash algorithm - the key is derived from plain text - is as follows: 

$salt = substr($tripkey.'H.', 1, 2);        # tripkey ist Shift-JIS kodiert
$salt =~ s/[^\.-z]/\./go;                   # ersetze alle Zeichen kleiner als "." und größer als "z" durch "."
$salt =~ tr/:;<=>?@[\\]^_`/A-Ga-f/;         # ersetze alle Zeichen aus ":;<=>?@[\]^_`" durch ihr Äquivalent aus "ABCDEFGabcdef"
$trip = crypt($tripkey, $salt);             # Unix-crypt(3)-Funktion
$trip = substr($trip, -10);                 # entferne Salt am Anfang
print '◆'.$trip;

Secure tripcodes

Tripcodes are not a cryptographically secure authentication method, since the key space for tripcodes in 2channel style is only 2 54 bits large due to the use of DES . This means that pre-image attacks, e.g. B. be driven through rainbow tables to find a trip key that generates a specific, desired trip code. Therefore, some Imageboards use Secure Tripcodes together with the normal tripcodes. Secure trip codes are salted hashes that require a second trip key as input - often in the form username#tripcode#securetripcode - and use a salt (random value) stored on the server . Since this salt is secret and unique for every website, these attacks are made more difficult.

One disadvantage of Secure Tripcodes is that they are board specific. Unless two boards use the same salt, tripcode algorithm and representation, one person cannot prove that they are the same person on two different boards. Since most users assume that few people go to the trouble of figuring out tripcodes from others, they prefer the traditional tripcodes.

Web links

Commons : Tripcode  - collection of images, videos and audio files