Tripphrases

Bret Victor / May 18, 2008

This page presents the tripphrase, a variant on the tripcode which is more memorable, more fun, and more likely to be used. You can play with an online tripphrase generator, or download the source code.

The traditional tripcode:

worrydream !t4XAG9SVEw 05/18/08(Sun)21:56 No.226482   [Reply]
wut

The tripphrase:

worrydream (my excruciating whale shaft) 05/18/08(Sun)21:56 No.226482   [Reply]
wut

Try it out

Try playing with the password in the form below. (The password is the text after the "#" symbol in the name.)

Name
Comment

The tripphrased result would look like:

somebody (savor my present-day suppleness) 05/18/08(Sun)21:56 No.226482   [Reply]
wut

Tripcodes

4chan and similar messageboards do not allow users to register accounts. A user must provide his name (or not) each time he posts a message. Because any user can provide any name, it is easy for one user to assume another's identity.

Name
Subject
Comment
furrylover 05/18/08(Sun)21:56 No.226482
Thank you for the warm welcome!

The tripcode is a means for a user to preserve his identity. When posting a message, the user can provide a password. The password is hashed (jumbled in a way that is not easily unjumbled), and the resulting jumble, or tripcode, appears after the user's name. Someone who wants to impersonate the user will not know the password, and thus cannot reproduce the user's tripcode.

Name
Subject
Comment
furrylover !t4XAG9SVEw 05/18/08(Sun)21:56
Thank you for the warm welcome!

If two messages have the same tripcode, readers can be reasonably sure that they were written by the same person.

Non-problems with tripcodes

It is commonly said that the problem with tripcodes is that they are insufficiently cryptographically secure, providing only a 54-bit keyspace, and are thus vulnerable to brute-force attack (systematic guessing). A number of "secure tripcode" schemes have been proposed to add cryptographic strength in various ways.

This view is all wrong. Tripcode strength is perfectly adequate. A tripcode functions like the lock on your front door: it only needs to keep out casually mischievious people, because there are social mechanisms to take care of people who circumvent it. If someone breaks into your house, the police will catch them and throw them in jail. Likewise, if someone is assuming others' identities on 4chan, the moderators will catch them and ban them. (By most measures, 4chan moderators are more vigilant and responsive than the average police force.)

worrydream !t4XAG9SVEw 05/18/08(Sun)21:56 No.226482   [Reply]
I think everyone should be racially tolerant!
(USER WAS BANNED FOR THIS POST)

The real problems with tripcodes have nothing to do with bits and keyspaces, and everything to do with people.

Problem 1: Nobody uses tripcodes.

The primary problem with tripcodes is that almost nobody uses them, and the few that do are derided. All of the crypto-bits on the internet will do you no good if they're not actually used.

There are areas of 4chan where anonymity is deeply ingrained in the culture, and in these cases, no form of authentication would be socially accepted. But even in the less staunchly anonymous areas, tripcodes invite some amount of derision. Why? Probably because they just look stupid.

Unlike usernames (and on other messageboards, avatars and signatures), tripcodes serve no communicative purpose. They are not fun or interesting. The user can't choose them to convey his personality. Their only social function is to serve as a badge that the user is paranoid about being impersonated. Hence the derision.

Problem 2: Nobody looks at tripcodes.

A secondary problem with tripcodes is that almost nobody reads them. The strongest crypto-hash invented will do you no good if nobody bothers to verify it.

A tripcode is a meaningless jumble of letters and numbers. People don't remember meaningless jumbles. When reading casually, people try to not even see them -- a meaningless jumble interrupts reading flow.

Tripcodes allow someone to verify that two messages were written by the same person, but the verification must be deliberate and intentional. Comparing two jumbles letter-by-letter is a slow and boring process. Tripcodes are useless for casual verification of identity.

Tripphrases

A tripphrase functions similarly to a tripcode, in that the user enters a password which is hashed into a unique identifier. The difference is that, instead of a jumble, the result is a grammatically-valid short phrase.

worrydream (behold my furious posterior) 05/18/08(Sun)21:56 No.226482   [Reply]
worrydream (effortlessly sandblast your orbs) 05/18/08(Sun)21:56 No.226482   [Reply]
worrydream (my gloriously distended soldier) 05/18/08(Sun)21:56 No.226482   [Reply]
worrydream (objectionably whack that saleslady) 05/18/08(Sun)21:56 No.226482   [Reply]

Regarding problem 1: Tripphrases are much more likely to be used, because the user can generate one that's funny or interesting. First of all, the process of generating a tripphrase is a game. Randomly-generated phrases are often hilarious, and trying out various password permutations to discover the most hilarious is an enjoyable activity in itself.

Secondly, unlike a tripcode, a hilarious tripphrase can be worn proudly. In a sense, the user is demonstating that he "beat the game" -- after exploring an ocean of random phrases, he discovered how to generate "explode my galactic anaconda". Furthermore, because the password that generated the phrase is secret, the user possesses unique knowledge -- he is the only one in the world who can make the system display "explode my galactic anaconda". His audience's reaction is thus admiration tinted with envy, a far more inviting response than derision.

Regarding problem 2: Tripphrases are much more likely to be seen, because they are meaningful. And imposters are much more likely to be noticed, because tripphrases are memorable -- a user's name followed by a different tripphrase will immediately look wrong.

You may download the Perl source code (including word lists), or browse it online.

Boring details

This generator performs an MD5 hash of the salted password. The resulting bits are used to choose a grammatical template:

and a word for each slot. The word counts are:

The total space is around 43 bits. This may not sound like much, but it doesn't matter. It's more than enough to prevent casual cracking and accidental collisions. A determined cracker will crack it regardless of bits, at which point, social mechanisms such as moderation will prevent abuse.

The meta-point

For many problems with user-facing software, "adding more bits" is the wrong solution. The right solution often involves tapping into the user's natural cognitive and social capabilities.

To paraphrase Will Wright, your software doesn't just run on the computer -- it also runs in each of your users' heads. And to paraphrase Clay Shirky, social software also runs on the "hivemind" of the group as a whole. All together, that's an extraordinarily powerful hardware platform. Take advantage of it!