t.me/shareJim/244170
You're viewing a single comment thread. View all comments, or full comment thread.
Comments (60)
sorted by:
A tripcode is a hash. Hash algorithms are made so that the result cannot be reverse engineered to figure out what the input was. A salt is a fixed random garbage that gets added to the input to make reverse engineering even harder (if it was possible at all). As long as the input and the salt are the same the result will always be the same. When you change the salt you're changing the input, the result will not be the same.
So if they "whitelisted" his tripcode, then they must have added another stage to the system where it will check the passwords entered by users with the old salt added for his result first, then if not a match do the hash again with the new salt. Either that or they have his plaintext password and now have the site check every user's entered password against that before proceeding with the hash which would be a really stupid idea.
The fact that they call this "whitelisting a tripcode" seems off to me. Instead of this whitelisting business what Q should have done was post what his new tripcode will be with the new salt before they changed the salt used by the site. Or better yet create a GPG key pair, post the public key before they changed the salt, and sign every post from now on.
Since he didn't do that, and since tripcodes are sus to me now, he'll have to include another future proof, such as a phrase he would ask Trump to use, along with his new public key in a post that will have many witnesses (witnesses to ensure the post wasn't created by the board admins after the proof occurs) in order to gain my trust as an example.
Thanks. I argued this earlier as well. A simple tippytop would do.