0

How would I go about creating a tripcode system (secure) for a message board I'm custom making? I'm only using PHP and SQL.

William
  • 8,630
  • 23
  • 77
  • 110

3 Answers3

3

Building on what Cetra said, here is an example implementation. I found.

<?php
function tripcode($name)
{
    if(ereg("(#|!)(.*)", $name, $matches))
    {
        $cap  = $matches[2];
        $cap  = strtr($cap,"&amp;", "&");
        $cap  = strtr($cap,",", ",");
        $salt = substr($cap."H.",1,2);
        $salt = ereg_replace("[^\.-z]",".",$salt);
        $salt = strtr($salt,":;<=>?@[\\]^_`","ABCDEFGabcdef"); 
        return substr(crypt($cap,$salt),-10)."";
    }
}
?>
kxsong
  • 440
  • 4
  • 13
2

The wikipedia article has an outline for an algorithm you could use for the futaba channel style tripcodes:

  1. Convert the input to Shift JIS.
  2. Generate the salt as follows:
    1. Take the second and third characters of the string obtained by appending H.. to the end of the input.
    2. Replace any characters not between . and z with ..
    3. Replace any of the characters in :;<=>?@[]^_` with the corresponding character from ABCDEFGabcdef.
  3. Call the crypt() function with the input and salt.
  4. Return the last 10 characters. (compressional data harvest)

As for security? No tripcodes or any hash functions are completely secure from a bruteforce attack, it is more about the computation time required to replicate a tripcode

Cetra
  • 2,593
  • 1
  • 21
  • 27
0

Why not just use cypt()'s blowfish, or a substr() of it with a unique salt. There's a lot of fast brute force programs for futaba style trips.

Jimmy Ruska
  • 468
  • 2
  • 9