Two questions (6)

1 Name: !WAHa.06x36 2004-12-02 14:41 ID:+Q+8n/Dg [Del]

  1. I've been considering changing the secure tripcode algorithm from using MD5 to using RC4. This would mean:

    • Secure tripcodes would work on all installations. Currently they're limited to those hosts that have the MD5 module installed, which means most, but not all. I have my own RC4 code that runs everywhere.
    • Existing secure tripcodes would all change. But they're not widely used and they vary from site to site anyway.

    Is this a good or bad idea?

  2. 100webspace just raised the bandwidth limit from 1GB to 3GB. What do I do with all this extra bandwidth? Currently the site is using somewhere around 700MB per month.

2 Name: hotaru!hoTarufiRE!!YMy/5ZNE 2004-12-02 20:15 ID:uQvpJPPg [Del]

why not add an option in to choose between MD5 and RC4?

3 Name: !WAHa.06x36 2004-12-02 20:57 ID:P5q07b3w [Del]

Well, ideally I'd like to remove the MD5 stuff from the source entirely, because I like to keep the code as lean as possible.

I could also make it use RC4 if it can't find MD5, if I went that way.

4 Name: Mr VacBob!JqK7T7zan.!!GoZhDTQ8 2004-12-05 06:32 ID:Heaven [Del]

Using RC4 as the fallback seems the best way to me; it would be too confusing to suddenly switch around everyone's tripcodes, no matter how few people use them.

(I hope your RC4 is more secure than WEP is)

5 Name: !WAHa.06x36 2004-12-05 21:23 ID:OU2gq2RA [Del]

There are problems with the fallback method too. If you install the MD5 modules, then the algorithm would change... I am leaning towards replacing it with RC4 once and for all.

And yeah, it shouldn't be vulnerable to the same things WEP is. WEP uses RC4 pretty carelessly. RC4 is a quite secure algorithm, but some care has to be taken when using it.

6 Name: !WAHa.06x36 2004-12-05 21:25 ID:OU2gq2RA [Del]

...the justification for the switchover being that very few people use secure tripcodes at the moment. It's mostly just the admins of various servers, and they can fairly easily deal with it changing.

Name: Link:
Leave these fields empty (spam trap):
More options...