Does anyone know how the 4chan IDs are generated?
I'm trying to create a more or less anonymous website that uses IDs. At the moment I'm md5 hashing the ip, then encryting it using a password that is being generated every sunday and md5 hashing it again.
>Is this the best way to keep my users IPs safe?
>Is this the best way to prevent samefagging?
>What system is 4chan using and is it better?
pic reated, its the website. The title and images are just placeholders.
>>54391509
install wakaba
>>54391509
8ch allows for ID generating and it's libre, check it out as an example because I don't see 4chan being different.
multiple users can have the same ip
>>54391536
Thanks, i'll try this:
https://twitter.com/infinitechan/status/543384215627120640
btw What should I use as salt? A random string that is being generated once a day?
$now.=" ID:".substr(crypt(md5($_SERVER["REMOTE_ADDR"].'id'.date("Ymd", $time)),'id'),+3);
Taken from the old source code, it's probably still the same.
>>54392773
>>54391536
I'm now using a mix of both:
substr(md5(crypt(md5($_SERVER['REMOTE_ADDR'].$_POST[image]), file_get_contents("ID.txt"))),5,10)
>>54393460
I wasn't saying >>54392773 is a good solution, it's just how 4chan does it. It is truly a mess.
>>54391509
>md5
literally why
no reason at all
>>54393601
This. MD5 and SHA1 are dead for most cryptographic purposes.
>>54391509
>using md5
If you are going to release this site to the public, don't ever use md5 for encryption.
>inb4 skids using md5 hash reverser scripts
>>54393601
>>54393696
Be glad it isn't md4. Linux kernel still uses that shit.