Tripcode

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Tripcode

Post by Ambush Commander »

Hi, I want to add a tripcode to my application

Tripcodes should be:
* Small

Tripcodes are flexible in that:
* Inputs are generally small
* They can use any printable character

Would a truncated (say, 10 letters of an) md5() hash of the secret key, username and password work? Or would a full md5 be preferable (even though it's much longer)? It appears sha256() is too big for tripcodes...
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Depending on the user base size - would seem to be workable using MD5. Like everything similar there's a small chance of a collision, but in reality how likely is that for your use?
Post Reply