salt.cgi | secure tripcodes

$name .= '!!'.substr(base64_encode(pack("H*",sha1($sectrip.$salt))),0,15);

I think that's how secure trips are generated based on shiichan source and some googling.

possible guesses of $salt are generated from openssl rand 448 (this is how salt.cgi was generated) or the string LOLLOLOLOLOLOLOLOLOLOLOLOLOLOLOL

imageboards are similar yet they use a different salt.

also someone get me that salt.cgi : |

i think http://desktopthread.com/tripcode.php has a working version of it (see dis.4chan Secure Tripcode)

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

sdfsdjjjkl

asdfasdfasdf

asdfasdfasdf

test.

test2.

asa

asa

testin

fag

hai guise

>>188
Are you a wizard?

TEST

test

Testing.

TSET

test

.

..

t

WTF IS GOING ON??!?!? THE EMPIRE SPAMS BACK??!?

    } else {

        $salt = strtr(preg_replace("/[^\.-z]/",".",substr($trip."H.",1,2)),":;<=>?@[\\]^_`","ABCDEFGabcdef");
        $trip = substr(crypt($trip, $salt),-10);
        $name.=" <span class=\"postertrip\">!".$trip;
        }
    }


    if ($sectrip != "") {
        $salt = "LOLLOLOLOLOLOLOLOLOLOLOLOLOLOLOL"; #this is ONLY used if the host doesn't have openssl
                                                #I don't know a better way to get random data
    if (file_exists(SALTFILE)) { #already generated a key
        $salt = file_get_contents(SALTFILE);
    } else {
        system("openssl rand 448 > '".SALTFILE."'",$err);
        if ($err === 0) {
            chmod(SALTFILE,0400);
            $salt = file_get_contents(SALTFILE);
        }
    }
        $sha = base64_encode(pack("H*",sha1($sectrip.$salt)));
        $sha = substr($sha,0,11);
            if($trip=="") $name.=" <span class=\"postertrip\">";
            $name.="!!".$sha;
    }

excerpt from http://tanami.org/overscript/files/yotsuba.txt