Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.
God, isn't it obvious?
Second, the direct exfiltration attack abuses vulnerabilities in Apple Mail, iOS Mail and Mozilla Thunderbird to directly exfiltrate the plaintext of encrypted emails.
XD - it is a big and dangerous vulnerability of PGP indeed :P
Let's go back to Wired:
The science of cryptography has advanced dramatically since then, but PGP hasn’t, and any new implementations have to remain compatible with the features of previous tools, which can leave them vulnerable to similar exploits.
There are other faults, including the difficulty of accessing encrypted emails across multiple devices, and the issue of forward secrecy, which means that a breach potentially opens up all your past communication (unless you change your keys regularly). It’s rumoured that the NSA stockpiles encrypted messages in the hope of gaining access to the keys at a later date.
So simply: it is bad because "too hard" and because you can use the same password... I mean in this case the same key? XD Oh that is such obvious opsec, I never knew that you have to change the password to your mailbox, and no company really demands it. Let's set some password like "123456" XD
And look more at that Wired article, at what they propose INSTEAD:
The rise of encrypted messengers
The rise of what? XD They are indeed well encrypted, but for whom, and for whom are they not?
By contrast, in 2016, there were almost 50 million global downloads of the encrypted messaging app Telegram. On Twitter, links to PGP keys in the bios of journalists are being replaced by the phone numbers they use for Signal, the encrypted messaging service endorsed by leading security experts around the world. Then there’s Apple’s iMessage, and of course WhatsApp - which, in turning on end-to-end encryption for more than a billion by default has arguably done the most to take encryption to the masses. “Not only are there improvements to the encryption itself, you don’t have to do anything technical to get set-up, and you don’t really have to be worried in most cases about your data being exfiltrated,” says Boehm. Green says these apps, with their modern cryptography techniques and seamless user experience, are “the solution” to problems of PGP. “You have all the key management problems hidden from you. They’re managed by the system.”
LOL! ROTFL!!! XD By the system - exactly, BY THE SYSTEM XD
In PGP you can send your private key to keyserv, but you don't really have to.
“It’s not going to get better tomorrow, but you can make encryption the default if you make the services good enough,” says Green. Until then, better head to the App Store.
Wired proves to be for sheeple, and that does not surprise me. But thank you, really thank you, it is beautiful LOLcontent, I will archive it on CD when I do a backup XD :D
Trip code is tied into a bunch of factors, but once you post and don't clear cookies, you will keep getting the same tripcode. It's almost impossible for someone else to spoof the trip code.
However, Q did change tripcodes (for whatever reason), and even changed platforms a couple times, but each time anons quickly established who the real Q was.
Wait what? So there was no way to prove that it was the same person? Anons just decided that it was?
Q switched identities/forums multiple times. Don't hold me to this, but from what I remember, at least one switch was confirmed by the Anons without hard proof. But it was a long time ago and I was not paying too much attention then. Someone else here might be able to answer definitively.
No, they didn't decide it, they proved it.
I'm just curious, as I didn't know this. How did they prove it if the trip code was different?
Multiple ways, but multiple zero deltas in one day for one. Q would then go over the fake Q posts and tell us which were real and which were fake.
I see, thanks.
Ah I remember this. The tripcodes were supposed to stay the same for those who had verified accounts, but somehow his tripcode got changed. It exposed the board as being compromised and also the reason for moving to 8 I believe.
Q had a series of unique password protected tripcodes. Not all posts have them. An interesting thing about them is if they are copied into Google and do a book search, an entire library of Western Civilization and our ideologies, advancements, etc can be found. Some books show up that don't go with the theme, but the ones that do are whoppers. Check it out. I think MEGA had spreadsheets of them all. There's like 1200, I think. Been a while. Hope this helps. I'll look for the spreadsheet and post it here if I find it.
please do, if you find it - my friend is a book nut and I bet he has a bunch I could borrow
This question comes up every so often, would be nice if it was in a FAQ somewhere.
The tripcode is a one-way hash output generated from a string/passphrase as a source, not unlike an md5/sha1, albeit weaker. So being able to generate the hash that Q posts under means you also know the passphrase that Q uses.. which therefore establishes that you are either the same poster as previous Q drops, or are close enough to Q that they have communicated the same passphrase to you via some out-of-band means, like among a team of folks acting under the Q rubric for example.
He did delta confirmations every time he switched trip codes. First Q posted that trip confirm was incoming, then Donald would tweet less than 30 seconds later. He did that 3 times in 1 day once.
As was written, a tripcode is a kind of hash function* computed by the webpage on the server side from your "password".
In theory - yes. Of course user style and so on. I simply don't understand why Q was not just using gpg. Simple:
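# sign message.txt; --armor makes the detached signature ASCII so it can be pasted into a post
gpg --armor --output message.sig --detach-sig message.txt
# build the text to post: the message followed by its signature
cat message.txt >> end_message
cat message.sig >> end_message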
after generating the key: https://docs.github.com/en/github/authenticating-to-github/generating-a-new-gpg-key
and putting it out in one comment might be wiser I think, but I guess "it is for crypto geeks" and quite unsuitable for twitter, isn't it ;)
But I suppose because it was posted on some chans, caring so much about authenticity was against netiquette, a "problem" with redirecting gpg password generation through tor, or laziness.
*hash function if you don't know is: https://en.wikipedia.org/wiki/Hash_function
What? You mean that vulnerability? https://efail.de/
Migrations:
God, isn't it obvious?
XD - it is a big and dangerous vulnerability of PGP indeed :P
Let's go back to Wired:
There are other faults, including the difficulty of accessing encrypted emails across multiple devices, and the issue of forward secrecy, which means that a breach potentially opens up all your past communication (unless you change your keys regularly). It’s rumoured that the NSA stockpiles encrypted messages in the hope of gaining access to the keys at a later date.
So simply: it is bad because "too hard" and because you can use the same password... I mean in this case the same key? XD Oh that is such obvious opsec, I never knew that you have to change the password to your mailbox, and no company really demands it. Let's set some password like "123456" XD
And look more at that Wired article, at what they propose INSTEAD:
The rise of what? XD They are indeed well encrypted, but for whom, and for whom are they not?
LOL! ROTFL!!! XD By the system - exactly, BY THE SYSTEM XD
In PGP you can send your private key to keyserv, but you don't really have to.
Wired proves to be for sheeple, and that does not surprise me. But thank you, really thank you, it is beautiful LOLcontent, I will archive it on CD when I do a backup XD :D
https://www.crazydaysandnights.net/2021/02/blind-items-revealed-4_7.html
This doesn't seem to have been discussed, afaik.
What to discuss, it is possible some tripcodes were stolen and some posts posing as Q are fake ones. I doubt it proves anything.
Slightly tangential to this topic . . .
The 3301 Cicada "recruiting program" illustrates several patterns that are similar to Q. (I've been studying Cicada a bit more lately.)
First, they both started on 4 Chan.
Second, Cicada used a PGP code which -- not being a computer genius -- I understand to be like a trip code.
Third, they both reference books and in the case of Cicada a lot of obscure occult books.
A while ago there was some speculation that believed that ECW was Cicada as well as Q. I haven't found anything conclusively proving or disproving that theory. But in a documentary I just watched about Cicada it was said that Cicada kind of went dark just after the Edward Snowden revelations in 2013.
Link to the Doc if anyone's interested. I found this fascinating and I binge-watched all 4 episodes.
3301
Not exactly similar. 3301 is a much more advanced thing done by specialists, and Q isn't such a one or didn't care about security and credibility too much.
Is like comparing old WW2 "Jeep" Willys to modern Abrams. Sorry Q if you read it... And this is why: PGP is not a kind of hash but is based on asymmetric key cryptography. It is NOT dependent on an external webpage and is NOT only 56 bit. This 56 bit "security" of a tripcode is like your router, easy to hack daily (more secure if you use a webpage salt, but I don't know whether Q was salting it or not). You don't need a quantum computer for that 56 bit hash. It was better than nothing and socially acceptable in chan-like forums to use it, but it proves he rather is not an NSA insider. Trump insider - possible. Or this man/woman was/is a bit lazy or doesn't care about proving authenticity so much... PGP using RSA1024 is considered too obsolete by the way, so RSA4096 is used for protection of things being AES-128 like. I don't remember if in the new versions of GPG the limit of 4096 has been removed or you have to look for a patch on github to make it RSA16384 heh. Anyway it is only signing; if I were sending the files I would use good old working forks of truecrypt file containers.
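An added example, not part of any post in this thread: a small model of the tripcode scheme described in the comments above (a server-side hash of a passphrase, 56 bits of input, optionally mixed with a board salt). SHA-256 stands in for DES crypt(3) so it runs anywhere; the function names, passphrases and salts are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Model only: real boards use DES crypt(3); SHA-256 stands in so this runs anywhere.
CRYPT_MAX_CHARS = 8  # classic DES crypt(3) reads 8 characters x 7 bits = 56 bits


def _encode(digest: bytes) -> str:
    """Keep the 10 printable characters a board would display."""
    return base64.b64encode(digest, altchars=b"./").decode()[:10]


def plain_trip(passphrase: str) -> str:
    """Unsalted model: a pure function of the first 8 characters."""
    return "!" + _encode(hashlib.sha256(passphrase.encode()[:CRYPT_MAX_CHARS]).digest())


def salted_trip(passphrase: str, board_salt: bytes) -> str:
    """Salted model: the board mixes in a secret that only it holds."""
    return "!!" + _encode(hmac.new(board_salt, passphrase.encode(), hashlib.sha256).digest())


def matches(claimed: str, passphrase: str, board_salt: Optional[bytes] = None) -> bool:
    """A match shows only that the poster, or the board, knew the passphrase."""
    expected = plain_trip(passphrase) if board_salt is None else salted_trip(passphrase, board_salt)
    return hmac.compare_digest(claimed, expected)


def observations() -> dict:
    """Properties of the scheme, using constructed passphrases and salts."""
    old_salt, new_salt = b"constructed-salt-1", b"constructed-salt-2"
    return {
        # same passphrase, same code: continuity of identity across posts
        "stable": plain_trip("example-pass") == plain_trip("example-pass"),
        # input past 8 characters is ignored, so these two collide
        "truncation_collision": plain_trip("longpass-alpha") == plain_trip("longpass-bravo"),
        # rotating the board secret changes every code with no action by the poster
        "salt_rotation_changes_code": salted_trip("example-pass", old_salt)
        != salted_trip("example-pass", new_salt),
        # the board receives the passphrase with each post, so it can reproduce the code
        "board_can_reproduce": matches(salted_trip("example-pass", old_salt), "example-pass", old_salt),
    }


if __name__ == "__main__":
    for name, value in observations().items():
        print(f"{name}: {value}")
```

A detached PGP signature differs on the last two points: the private key never reaches the board, so neither a salt change nor the board operator can alter or reproduce it.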
TY for the clarification.
"TY"? I am not an American citizen and English isn't my native language - can you use full words, not abbreviations? O... checked, sorry.
No reason to thank really, but it was nice, thank you too.