infinity-next icon indicating copy to clipboard operation
infinity-next copied to clipboard
verified publisher icon infinity-next

Secure tripcodes

Open ctrlcctrlv opened this issue 5 years ago • 4 comments

This is a follow up to https://9chan.us/9/thread/24#457

When a tripcode with two hashes as ## is used, it's interpreted as a regular DES tripcode. This is likely to confuse users. Tripcodes beginning with a hash should be rejected as invalid until a secure tripcode is implemented.

As secure tripcodes are different on every site, there's no need to match the 4chan/8chan way of doing it (3DES + a salt).

SHA256 could be used, or BLAKE2. Or cryptographic key generation and signing could be implemented in the browser, similar to this : https://www.youtube.com/watch?v=c8EjDKEeusM

ctrlcctrlv avatar Apr 20 '20 23:04 ctrlcctrlv

This is a duplicate of #28, you opened almost 5 years ago exactly, but I'll close that one now.

Since then, the original intention of the HTML5 (then in beta and barely supported) keygen tag has been deprecated in favor of a keygen attribute. I have never seen it used, ever. https://www.w3schools.com/TAGS/att_keygen_name.asp

jaw-sh avatar Apr 21 '20 06:04 jaw-sh

I love it. Never heard of it.

ctrlcctrlv avatar Apr 21 '20 16:04 ctrlcctrlv

Ohhh shit just noticed the pgp signing commit w/ gnupg_verify() for 0.6.0. Wow the need for this within the confines of an anonymous image board cannot be overstated. So overdue. Absolutely capital Jawsh, well done!

milezzz avatar Apr 26 '20 18:04 milezzz

I'm waiting on a patch form PHP Security because the php-gnupg mod is just completely, totally shattered.

jaw-sh avatar Apr 26 '20 18:04 jaw-sh