Decentralized authentication

Nickname

Users may set their nickname via the /name <nickname> command. However, any nickname can be chosen by anyone, as there are no restrictions on uniqueness.

Tripcode

To attain a persistent and unique identity, a user must generate a tripcode via the /pass <secret> command. The secret is deterministically converted into a unique identifier, via an operation that is computationally infeasible to do in reverse – in other words, no one can find out which secret was used to generate a specific identifier.

For instance, the secret look_away may generate a tripcode such as jqN8nAcrWbHkBFJ5PM2McYmmGcN7BfdCWBC2dG6YejRW, which can be shortened to something like !jqN8nAc for display purposes.

As long as the user chooses their secret carefully, they are able to author their messages via a tripcode that uniquely identifies them. A good secret is at least 12-15 characters long and chosen such that it is highly unlikely that someone else would choose the exact same secret.

If no password is provided, the user will be assigned a temporary tripcode.

Tripcodes are generated client-side. In fact, a tripcode is a base58 representation of the 33-byte version of the public key in a secp256k1 keypair; the corresponding private key is the 32-byte output of the scrypt algorithm using a SHA256 hash of the secret as input material.

See the Tripcode generation page in the appendix for technical details.