/hivemind/ patriots are OSS. You are neither.
"Logged in" is something I have never seen in any board log, even when I was a GV viewing /projectdcomms/. Hiding the username field is convenient for them if he is trying to hide "administrator" but if he is trying to hide Qs real username, I already know it. My own BV username is a shoutout.
Edit: Reverted to previous username. It's no shoutout if Q isn't there.
Salt rotation only affects secure trips, not insecure trips.
https://github.com/OpenIB/OpenIB/blob/master/inc/config.php
161 // Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).162 $config['secure_trip_salt'] = ')(*&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
Otherwise Q would never have been able to use the insecure trips to migrate from 4chan.
All good anon, I'm still glad you pointed that piece out anyways.
Summary
https://8kun.top/faq.html
#example = !KtW6XcghiY. Hardly secure, but can be used on 4chan. Not using server secure salt. Can be cracked in a few days.
##example = !!Dz.MSNRw9M. Uses 8kun's secure salt + SHA1 encryption. Would take very long to crack with high-end processing capabilities.
###example = !!!MWI3NjdmMDQ0NmQ3. Supersecure tripcodes. 8kun's secure salt + SHA256 encryption. Forget about trying to crack these.
'salt' and 'secure_trip_salt' are separate, so rotating the secure_trip_salt affects anything using secure_trip_salt, which is found here.
https://github.com/OpenIB/OpenIB/blob/master/inc/config.php
155 // Make this something long and random for security.156 $config['cookies']['salt'] = 'abcdefghijklmnopqrstuvwxyz09123456789!@#$%^&()';...161 // Used to salt secure tripcodes ("##trip") and poster IDs (if enabled).162 $config['secure_trip_salt'] = ')(&^%$#@!98765432190zyxwvutsrqponmlkjihgfedcba';
Custom tripcodes to override generated tripcodes are also seen in config.php.
535 // Example: Custom tripcodes. The below example makes a tripcode of "#test123" evaluate to "!HelloWorld".536 // $config['custom_tripcode']['#test123'] = '!HelloWorld';537 // Example: Custom secure tripcode.538 // $config['custom_tripcode']['##securetrip'] = '!!somethingelse';
>Note that CM did not update this section to also mention supersecure tripcodes, but they still do apply as seen in functions.php.
This is what defines which tripcode method is used. 8kun checks it's database for any stored custom_tripcode and will prioritize displaying it rather than using tripcodes generated normally if present. Custom tripcode is set by an administrator with access to the internal config.php. We can also see here that secure_trip_salt is only used for secure and supersecure tripcodes. This means that the salt rotation of secure_trip_salt will not affect custom tripcodes and insecure tripcodes.
https://github.com/OpenIB/OpenIB/blob/master/inc/functions.php
2643 $salt = substr($trip . 'H..', 1, 2);2644 $salt = preg_replace('/[^.-z]/', '.', $salt);2645 $salt = strtr($salt, ':;<=>?@[]^`', 'ABCDEFGabcdef');2646 2647 if ($secure) {2648 if (isset($config['custom_tripcode']["##{$trip}"]))2649 $trip = $config['custom_tripcode']["##{$trip}"];2650 else2651 $trip = '!!' . substr(crypt($trip, str_replace('+', '.', '..A.' . substr(base64_encode(sha1($trip . $config['secure_trip_salt'], true)), 0, 4))), -10);2652 } elseif ($secure2) {2653 if (isset($config['custom_tripcode']["###{$trip}"]))2654 $trip = $config['custom_tripcode']["###{$trip}"];2655 else2656 $trip = '!!!' . substr(base64_encode(hash('sha256', $trip . $config['secure_trip_salt'])), 0,16);2657 } else {2658 if (isset($config['custom_tripcode']["#{$trip}"]))2659 $trip = $config['custom_tripcode']["#{$trip}"];2660 else2661 $trip = '!' . substr(crypt($trip, $salt), -10);2662 }
Also in functions.php we can see that IP hashes are generated similarly to secure tripcodes.
2928 if ($config['hash_masked_ip']) {2929 $masked = substr(sha1(sha1($masked . $board) . $config['secure_trip_salt']), 0, 10);2930 }
secure_trip_salt is defined in secrets.php
https://github.com/OpenIB/OpenIB/blob/master/inc/secrets.example.php
16 // Consider generating these from the following command.17 // $ cat /proc/sys/kernel/random/uuid18 $config['secure_trip_salt'] = 'generate-a-uuid';
Us oldfags are mostly responsible for why he hates /hivemind/. ArchiveAnon (Used to go by GermanArchiveAnon) was always a faggot. Back in the early days of /qresearch/ he demanded that the bakers adjust how breads are baked and formatted in order to make scraping easier for his aggregator. The bakers, BVs and I told him to eat a dick and that we don't work for him. He's had it out for us since then and by extension everyone associated, kek. Later on, he began to archive /qresearch2gen/ which was basically an anti-Q board probably out of spite. I called him out on that too.
You can replace the .html with .json of any bread and view the ID of Tor posts without the 000000 mask if it helps anyone.
Example, for this bread:
https://8kun.top/hivemind/res/23768.html
Would be
https://8kun.top/hivemind/res/23768.json
Correct. Cookie dependent.
If you're using Firefox, you can create multiple profiles. Each will have it's own set of cookies, which will have their own UIDs.
about:profiles
Enter that in the URL to access the profiles page to make a secondary profile and you can open another window in that profile.
The tripcode whitelist is for displaying tripcodes, not locking them down. Jim is an idiot.
If the tripcode is not in the whitelist, it will not print out. If the whitelist is empty, any tripcode will print out.
So Jim is claiming CM hardcoded a lock on Qs tripcode, meaning it is not affected by salt rotations.
That completely fucks up the whole point of a salt rotation.
If someone is trying to brute-force a tripcode, they will eventually crack it in time, though it will take a very very long time.
The salt rotation puts the attacker back to square 1 and they have to start their brute-force attack all over again.
If the tripcode is omitted from secure_trip_salt, then the attacker as all the fucking time in the world to crack the tripcode.
test1 - Primary profile
test2 - Secondary profile