[OT] Password regex change on mybills.co.il

Sun Feb 28 00:05:38 IST 2016

(And you can also use Hebrew, Chinese, emoji or any other chars as
long as there are 2 latins, 1 number and no less then 8 and no more
then 10 characters all in all)

2016-02-28 0:02 GMT+02:00 E.S. Rosenberg <esr+linux-il at g.jct.ac.il>:
> The active regex (in the file you sent) is:
>
> var passREGEX =
> /^(?=.{8,10}$)(?=(.*[0-9]){1,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%^&*()+-_=])).*/i;
>
> Which says:
> 8-10 chars
> at least 1 number
> at least 2 latin chars
> any number of special chars.
>
> Note that there is no demand for capitals and no demand for at least
> one special char.
>
> I used this cute site to verify my claims:
> https://regex101.com/
>
> HTH שבוע טוב,
> Eliyahu - אליהו
>
> 2016-02-27 23:28 GMT+02:00 Omer Zak <w1 at zak.co.il>:
>> DISCLAIMER: I tested on Python's re.
>>
>> Each of the sub-patterns enclosed in (?=...) is a lookahead pattern.
>> As such, they do not consume the string, just check if it matches them.
>> The whole pattern is effectively an AND of the subpatterns.
>> The last pattern matches 8 or more characters (any character).
>>
>> Therefore, the string to be matched needs to be at least 8 characters
>> long (no upper bound) and have at least one character from each of the
>> following groups:
>> a-z
>> A-Z
>> 0-9
>> ~#%&=$-!?^@ (one of 11 specific special characters)
>>
>> The other characters may be just any character you want (including
>> spaces).
>>
>> I confirmed that the following strings match the pattern (without the
>> doublequotes):
>> "aA0~...." (8 characters long)
>> "aA0~....." (9 characters long)
>> "bzCY19#@---" (11 characters long)
>> "bzCY19^9 99" (11 characters long, with space)
>>
>> --- Omer
>>
>>
>>
>> On Sat, 2016-02-27 at 19:46 +0000, Valery Reznic wrote:
>>> Hi, All.
>>>
>>>
>>> It's not actually Linux-related, but more regular-expression question.
>>> Nevertheless ...
>>>
>>>
>>> Recently I was unable to login into site mybills.co.il
>>>
>>>
>>> Attempt to reset password also failed due to regular expression test
>>> failed.
>>>
>>>
>>> Mybills claims that password should be 8-10 characters long and
>>> should
>>> include at least two digits and Latin letters.
>>>
>>>
>>> Whatever I tried as password - I was not able to pass their regex
>>> test.
>>>
>>>
>>> After a bit of digging
>>> I found following in the https://www.mybills.co.il/js/Validations.js
>>>
>>>
>>>
>>>
>>> //var passREGEX
>>> = /^(?=.{8,10}$)(?=(.*[0-9]){2,})(?=(.*[a-zA-Z]){2,})(?=(.*[~!@#$%
>>> ^&*()+-_=])).*/;
>>> var passREGEX = /^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[~#%&=\$\-\!
>>> \?\^@])(?=.{8,})/;
>>>
>>>
>>> I tried first (commented out) regex in
>>>  the regex101.com and indeed password with 2 digits and 2 Latin
>>> letters matches
>>>
>>>
>>> I tried the second (active) one- no matches.
>>>
>>>
>>> Any idea what password should looks like to match this regex?
>>>
>>>
>>> I tried to contact mybills's support - no luck here :(
>>
>>
>> --
>> $ python
>>>>> type(type(type))
>> <type 'type'>          My own blog is at http://www.zak.co.il/tddpirate/
>> My opinions, as expressed in this E-mail message, are mine alone.
>> They do not represent the official policy of any organization with which
>> I may be affiliated in any way.
>> WARNING TO SPAMMERS:  at http://www.zak.co.il/spamwarning.html
>>
>>
>> _______________________________________________
>> Linux-il mailing list
>> Linux-il at cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il