> Old-style trip codes can be bruteforced, though, right?

Yeah, they can, but so can everything else. The only real issue is how fast you can test each prospective key, and the amount of processing complexity (and even time) by most common ciphers is fairly similar. Ie, we're not looking at an order of magnitude difference, unless you're a cryptoanalyst and are actively exploiting a known weakness in a cipher. Of course, this is also ignoring the pigeon-hole principle, but I digress...

Wakaba tries to get around that with optional secure tripcodes, but to be honest, I've always found them a bit silly. In concept they're great, but in order for them to work part of the key must be kept secret by the board. As a result, each board has a different secret key, and secure tripcodes are different across boards. There's also the problem of recognition: it's easier to recognize by sight a common eight-character code over something longer. So the end result is... nobody uses them.

> What do you mean by tripcodes working across boards?

Probably what you thought I meant. There are some corner cases where this isn't true, but generally, if I enter a tripcode in one 2ch-style board, the result will be the same as on another board. 4chan and IIchan use different software, but the tripcodes are identical.