Good find. For others, “tripcodes” are just hashes (you can lookup hashing algorithms for details). You can think of a (proper) hash as putting meat into a grinder to make hamburger. You can’t turn the hamburger back into the original meat, but the hamburger should always be a little different and match perfectly with the meat that was put through the grinder.
Hashing is a process to generate a hamburger representation of the original data (meat), so you can confirm it is 1:1 with the input without needing to expose the original. However, if the exact hashing process is discovered (through tables of inputs and outputs), it is possible to derive the original data from the hashed output. To help prevent this, you can add salt (a custom additional piece of data) that only you know. This doesn’t make hash tables impossible, but if the salt rotates, it makes it harder to derive the data, because the hashing method will change, and you will have to start your tables from scratch (unless somehow you know the salt).
An extremely simple example would be if we were to hash numbers by multiplying them by 2. So we hash 4 into 8, 10 into 20, and so on. If we saw 8 and 20, we wouldn’t necessarily know the original values unless we figured out the process by providing multiple inputs and comparing outputs (which would be exceptionally easy in this case). So what we could do is take the user’s 4 and 10, and add a custom amount that only we know (say, 3) before doubling. Then 4 becomes 14, and 10 becomes 26. (This too would still be super easy to derive, but imagine this on a more complex scale). The addition of our own number is very much like the “salt” of a hash (or a encryption for that matter).
So that is the purpose of a salt. But in this case, the admins, who set the salt, now have the ability to change it in such a way that they can achieve whatever hashed value they like through trial and error. In the previous example, imagine Q has a fingerprint of 8, and the hash process adds 2 (the salt) and triples the value, so the “trip code” is 30. Well, if you change the salt to 4, the new trip code would be 36, but 30 would be the new trip code for a fingerprint of 6.
If the salt in the hashing process changes, the resulting hash should ALWAYS be different for the same input data. And if you are able to achieve the same hash after the salt has changed, there is something screwy going on.
yeah, seems indisputable with the code being that it is presuming its genuine. If so, there is a MASSIVE security hole that puts everything under new scrutiny. that should be the biggest news right now
If the source code is accurate, then yes in my mind it brings into question every q post. That being said, theres been way too many coincidences for it to be a larp
The hash (trip code) rotates routinely so Q shouldn't have the same one anymore.
However we need to look at two things. First Q always said "no outside comms" which means, he only posts in one place. If he only posts in one place, then he must, absolutely must, have some kind of authority or control in the place from which he posts. If not, then anything he ever said at any point is suspect.
In addition to that, Q knows that the average person isn't cryptographer and/or doesn't work in IT and therefore doesn't know how hashes, salted hashes (trip codes) work. So he would, presumably, have a way to get his old Trip Code back in order that his posts line up with the "person" that we're expecting to see them from.
Let's be honest, if the guy and his team are able to have half the impact they say they are having in the world and in the United States, then getting your old Trip Code back would be as easy as stirring sugar into your coffee.
I too work for the DoD, at a shipyard. DoD is absolutely huge. Remember the whole military industrial complex. And yes, I’m very well aware that I might lose my job when the federal government gets cut down to size.
Naw wasn’t mocking in any way. When I think of the DoD I think of like..the pentagon. Like a massive building complex. And I’ve never heard someone say they work at the DoD. So yea I was like...are sure you wanna say that here? It’s my ignorance. But not mocking you.
Ahhh ok, no problem then. You can never tell tone on black and white forums, so I took it the wrong way.
Nope, don't work at the Pentagon. Never even been there. I avoid DC at all costs. In fact, when I get job offers there I always tell them they can't afford me if they want me to live in DC.
then he must, absolutely must, have some kind of authority or control in the place from which he posts. If not, then anything he ever said at any point is suspect.
He must? What about after "his" power base lost power i.e. was removed from office? Would you expect "him" still to have control then?
.. just thinking out loud-- this tripcode verification was a big deal in knowing if it was actually Q. Had it been different, then everyone would have said -- "nope, not Q. False alarm... tripcodes don't match" -- but this thought is also based on everyone's knowledge of tripcodes (whereas most may not know they can be manipulated). Maybe they had to use the original code initially yesterday to get everyone's attention? Either way, it is good to know these codes are at the mercy of the adminis. Hopefully there is a legit reason like the military are in control.
makes sense, if salt changed tripcode would be different. wasn't the 'B' post deleted though as proof? or would the same admins have access to that as well
This is entirely true. Website admin may put whstever the f he wants on the website he controls. He is not limited to tripcodes and authentication here, he has full godmode iddqd-style relating to what sent back to users.
lets explore possibilities:
they can mimic any user, just set up their login as somebody else
since admins have access to database, they can add posts into db manually for specified user directly
they could even have manual htmls rendered for some content, but that's unlikely cause options above are easier to do
overall: lets see what returned Q NEW posts will proof.
he's not just running for Congress, he's sprinting while doing the heavy lifting for a Congressional seat. The guy has some serious grassroots campaigning energy. Kudos to that
Q was apparently instigated cos Trump gained access to high level security. While Trump is out of power how the fuck is anyone going to be allowed access to the same security and information who supports Trump/Q in any way?
How long would it take to 'crack' or brute force the system Q was using on the board or to compromise the admins who have access? Two years, maybe?
Who knows if it's Q or not - I sure don't. But Q appears back and has said nothing of importance, relevance or to suggest immediately that it's actually Q yet. At the very least, I'ma reserve judgement.
I think he is saying someone reset the tripcodes shortly before Q posted. So Q should have had a different tripcode too, not the same one. So it's actually suspicious that Q did have his old tripcode.
Then, unrelated, he states that the guys who are admins on the board can spoof tripcodes and could make it look like Q's tripcode if they wanted. So you have to trust the integrity of all of the board admins.
It sounds like 2 factor ID as is normal for banking and identity checks but a lot more secure. Server side means that trips are not portable, they user has to use a specific server otherwise its not verifiable.
What seems to have happened is that the admins have altered the code to allow themselves to take over any tripcode.
Is there fuckery afoot Watson? I hope not but we shall see.
Am I remembering incorrectly, or doesn't Q have a series of photos from aboard AF1? Wouldn't Q just need to post the next photo in the series? I thought Q had already done that previously to prove identity..
Has CM said anything in light of Q returning? I know he's sort of rode the coat tails of "speaking" with Q, and of course, he's running for public office now.
If this is true, do we even know if Q's migration to 8kun is legit?
if it's on the same board, it can be done by admins. they may just go and delete the post from DB.
Say, one of admins wanting to get lulz from "conspiracy theorists" could be the reason it could happen. I look forrward to future proofs. Like the one with "tip top". That would be undeniable.
If someone was pretending to be Q, don't you suppose the real Q would be aware of it and quickly return to debunk the fake Q? I hardly think Q would allow us to be fooled for any length of time by an imposter.
I wonder what this post would look like in English?
Thank you for this lol. My hungover brain was hurting and just now remembered Q posted lol
AH HAH!! Thank you, anon. So now all of Q's posts are suspect?
If the trip codes weren't secure White hats know immediately and fix it PDQ!
Good find. For others, “tripcodes” are just hashes (you can lookup hashing algorithms for details). You can think of a (proper) hash as putting meat into a grinder to make hamburger. You can’t turn the hamburger back into the original meat, but the hamburger should always be a little different and match perfectly with the meat that was put through the grinder.
Hashing is a process to generate a hamburger representation of the original data (meat), so you can confirm it is 1:1 with the input without needing to expose the original. However, if the exact hashing process is discovered (through tables of inputs and outputs), it is possible to derive the original data from the hashed output. To help prevent this, you can add salt (a custom additional piece of data) that only you know. This doesn’t make hash tables impossible, but if the salt rotates, it makes it harder to derive the data, because the hashing method will change, and you will have to start your tables from scratch (unless somehow you know the salt).
An extremely simple example would be if we were to hash numbers by multiplying them by 2. So we hash 4 into 8, 10 into 20, and so on. If we saw 8 and 20, we wouldn’t necessarily know the original values unless we figured out the process by providing multiple inputs and comparing outputs (which would be exceptionally easy in this case). So what we could do is take the user’s 4 and 10, and add a custom amount that only we know (say, 3) before doubling. Then 4 becomes 14, and 10 becomes 26. (This too would still be super easy to derive, but imagine this on a more complex scale). The addition of our own number is very much like the “salt” of a hash (or a encryption for that matter).
So that is the purpose of a salt. But in this case, the admins, who set the salt, now have the ability to change it in such a way that they can achieve whatever hashed value they like through trial and error. In the previous example, imagine Q has a fingerprint of 8, and the hash process adds 2 (the salt) and triples the value, so the “trip code” is 30. Well, if you change the salt to 4, the new trip code would be 36, but 30 would be the new trip code for a fingerprint of 6.
If the salt in the hashing process changes, the resulting hash should ALWAYS be different for the same input data. And if you are able to achieve the same hash after the salt has changed, there is something screwy going on.
Thank you for this explanation👌
I'm wondering this as well...or is this a new development?
Well they referenced the source code, only way it can be "debunked" is if that was not the actual source code
yeah, seems indisputable with the code being that it is presuming its genuine. If so, there is a MASSIVE security hole that puts everything under new scrutiny. that should be the biggest news right now
If the source code is accurate, then yes in my mind it brings into question every q post. That being said, theres been way too many coincidences for it to be a larp
Good point
There is no such thing as “Secure”. It is an Adjetive similar to “Temporary”.
This.. years, decades.. not forever..
A few counter points:
The hash (trip code) rotates routinely so Q shouldn't have the same one anymore.
However we need to look at two things. First Q always said "no outside comms" which means, he only posts in one place. If he only posts in one place, then he must, absolutely must, have some kind of authority or control in the place from which he posts. If not, then anything he ever said at any point is suspect.
In addition to that, Q knows that the average person isn't cryptographer and/or doesn't work in IT and therefore doesn't know how hashes, salted hashes (trip codes) work. So he would, presumably, have a way to get his old Trip Code back in order that his posts line up with the "person" that we're expecting to see them from.
Let's be honest, if the guy and his team are able to have half the impact they say they are having in the world and in the United States, then getting your old Trip Code back would be as easy as stirring sugar into your coffee.
member these?
https://qalerts.app/?n=3579
https://www.techradar.com/news/the-pentagon-handed-over-175m-ip-addresses-to-a-company-youve-never-heard-of
Yes, I do remember them. I work in the DoD.
You work in the Department of Defense? Like THE DoD?
The DoD is HUGE. I was a Korean Linguist / Signals Intelligence Analyst in the Army and now I work at an agency that is part of the DoD, so yes.
Amusing attempt at mockery though.
EDIT: You weren't being mocking. My apologies for the misunderstanding.
I don't think he was mocking you, fren. More along the lines of wondering why you would dox yourself.
Doxxed myself? Hundreds of people on these boards say what they do for a living, how is that doxxing?
I'm pretty sure no one knows my name, address, birth date or anything like that based off of saying I work at the DoD.
I too work for the DoD, at a shipyard. DoD is absolutely huge. Remember the whole military industrial complex. And yes, I’m very well aware that I might lose my job when the federal government gets cut down to size.
Damn, you're angry. Calm down, fren. No one here is fucking with you.
Naw wasn’t mocking in any way. When I think of the DoD I think of like..the pentagon. Like a massive building complex. And I’ve never heard someone say they work at the DoD. So yea I was like...are sure you wanna say that here? It’s my ignorance. But not mocking you.
Ahhh ok, no problem then. You can never tell tone on black and white forums, so I took it the wrong way.
Nope, don't work at the Pentagon. Never even been there. I avoid DC at all costs. In fact, when I get job offers there I always tell them they can't afford me if they want me to live in DC.
KE KU LH !
LEV MU LU ! (That's the only one I remember because I thought it was so funny)
Holy crap, I haven't used that notation in years.
Me neither... had to go back to my bestie and see if I did it right!!! hahahahaah
Hundreds of thousands of people understand hashes. It’s a basic coding principle
He must? What about after "his" power base lost power i.e. was removed from office? Would you expect "him" still to have control then?
.. just thinking out loud-- this tripcode verification was a big deal in knowing if it was actually Q. Had it been different, then everyone would have said -- "nope, not Q. False alarm... tripcodes don't match" -- but this thought is also based on everyone's knowledge of tripcodes (whereas most may not know they can be manipulated). Maybe they had to use the original code initially yesterday to get everyone's attention? Either way, it is good to know these codes are at the mercy of the adminis. Hopefully there is a legit reason like the military are in control.
makes sense, if salt changed tripcode would be different. wasn't the 'B' post deleted though as proof? or would the same admins have access to that as well
Server admins can do whatever the eff they want
You have access to the code, you have access to the database...
This is entirely true. Website admin may put whstever the f he wants on the website he controls. He is not limited to tripcodes and authentication here, he has full godmode iddqd-style relating to what sent back to users.
lets explore possibilities:
they can mimic any user, just set up their login as somebody else
since admins have access to database, they can add posts into db manually for specified user directly
they could even have manual htmls rendered for some content, but that's unlikely cause options above are easier to do
overall: lets see what returned Q NEW posts will proof.
So a spoof that has everything else line up too…like 1700 days and RvW decision etc? Mathematical likelihood?
I thought Ron quit 8kun. He’s in Arizona running for Congress. I trust Ron but I am not so sure about his Pop.
he's not just running for Congress, he's sprinting while doing the heavy lifting for a Congressional seat. The guy has some serious grassroots campaigning energy. Kudos to that
Let's see what happens now.
This is all known to Q, so let's see what he does...
I trust the TS Q more given that's a 100% WH controlled platform
"No outside comms"
It's a pretty simple thing really. Q said "no outside comms"
TQ is not Q. It is definitely somebody well connected and possibly even on the Q team, but he is not there for comms
Over my head, but appreciate the due diligence!!!
ex-fucken-actly ffs. USE LOGIC goddamn it.
Q was apparently instigated cos Trump gained access to high level security. While Trump is out of power how the fuck is anyone going to be allowed access to the same security and information who supports Trump/Q in any way?
How long would it take to 'crack' or brute force the system Q was using on the board or to compromise the admins who have access? Two years, maybe?
Who knows if it's Q or not - I sure don't. But Q appears back and has said nothing of importance, relevance or to suggest immediately that it's actually Q yet. At the very least, I'ma reserve judgement.
I'm confused what your saying can u dumb it down for me please. Thanks
8kun mods can edit the code and set the same trip code to make it look like a past Q post.
I think he is saying someone reset the tripcodes shortly before Q posted. So Q should have had a different tripcode too, not the same one. So it's actually suspicious that Q did have his old tripcode. Then, unrelated, he states that the guys who are admins on the board can spoof tripcodes and could make it look like Q's tripcode if they wanted. So you have to trust the integrity of all of the board admins.
It sounds like 2 factor ID as is normal for banking and identity checks but a lot more secure. Server side means that trips are not portable, they user has to use a specific server otherwise its not verifiable.
What seems to have happened is that the admins have altered the code to allow themselves to take over any tripcode.
Is there fuckery afoot Watson? I hope not but we shall see.
Am I remembering incorrectly, or doesn't Q have a series of photos from aboard AF1? Wouldn't Q just need to post the next photo in the series? I thought Q had already done that previously to prove identity..
This absolutely needs to be stickied.
Has CM said anything in light of Q returning? I know he's sort of rode the coat tails of "speaking" with Q, and of course, he's running for public office now.
If this is true, do we even know if Q's migration to 8kun is legit?
I think CM has some splainin to do.
This doesnt explain the anon asking for Q to remove the "B" post from his private board and Q doing so.
if it's on the same board, it can be done by admins. they may just go and delete the post from DB.
Say, one of admins wanting to get lulz from "conspiracy theorists" could be the reason it could happen. I look forrward to future proofs. Like the one with "tip top". That would be undeniable.
Yes. This is what I think is necessary as well. Even before this disclosure
Good point.
If someone was pretending to be Q, don't you suppose the real Q would be aware of it and quickly return to debunk the fake Q? I hardly think Q would allow us to be fooled for any length of time by an imposter.