test
!!sgUwZOxIzw
test
NowC@mesTheAnswer-42
Test_2
I was testing the theories on this blog post
https://pastebin.com/P1g5RPWs
I am not a infosec expert, so please feel view this analysis with a skeptical eye, and as always, do your own research!
Q verifies his identity via a cryptographic signature, or "tripcodes." These tripcode hashes (e.g. CbboFOtcZs ) are based on the DES/crypt(3) encryption algorithm. DES (Digital Encryption Standard) was standardized in 1977 and has been largely deprecated due to widely-known weaknesses. A good primer on these weaknesses from way back in 1997 can be found here: http://personal.stevens.edu/~khockenb/crypt3.html . Tripcodes are created via the algorithm described here: http://www.thefullwiki.org/Tripcode. I suspect that if such an operation were carried out, the coordinator would at least sign messages using an algorithm from the NSA Suite B, such as the Advanced Encryption Standard (AES) or even a PGP signature so that an opponent couldn't hijack his identity as easily as has been done here. He may upgrade his standards after reading this, but frankly, it is a far too late to matter.
Using an open source password cracker (hashcat), publicly available information, and a little guess work about Q's favored key space, a user can successfully recover all of the passwords that correspond to Q tripcodes. These are posted below in chronological order of use:
Tripcode: ITPb.qbhqo - Password: Matlock
Tripcode: UW.yye1fxo - Password: M@tlock!
Tripcode: xowAT4Z3VQ - Password: Freed@m-
Tripcode: 2jsTvXXmXs - Password: F!ghtF!g
Tripcode: 4pRcUA0lBE - Password: NowC@mes
Tripcode: CbboFOtcZs - Password: StoRMkiL
Tripcode: A6yxsPKia. - Password: WeAReQ@Q