Find primes in regexp 6
In an earlier post the example code did find prime numbers. Recently I stumbled over a really cool regexp hack that also deals with primes. This is how you execute that regexp in Ruby:
puts 'Prime' unless ('1' * 43) =~ /^1$|^(11+?)\1+$/Change 43 to whatever you like and you will get Prime as output if it's a prime number.
EDIT: As you can see in the comments Neil Kandalonkar explained how the regexp by Abigail works.
EDIT 2011-04-06: I happened to stumble upon what I believe is the first time Abigail showed this to the world. It's in a post in comp.lang.perl.misc back in 1997. I also found that at http://www.cpan.org/misc/japh there's a couple more
perl -wle 'print "Prime" if (0 x shift) !~ m 0^\0?$|^(\0\0+?)\1+$0'
perl -wle 'print "Prime" if ("m" x shift) !~ m m^\m?$|^(\m\m+?)\1+$mm'.com
Now I've got a .com domain, you can reach this blog at http://alicebobandmallory.com/.
Simple security tokens needed 2
In an earlier post I mentioned that a security token that lets you sign your transactions is one way to go to get more secure Internet banking.
Now a couple of swedish students have shown (by also using the problem I mentioned in this post) that a security token both needs to be used in a secure manner and that it also needs to be simple for the user to know what he is actually signing. According to the press it seems that they did this as a man-in-the-middle attack. This is just speculations but it seems the reason that this were possible were that the user did not have a clear view of what he was signing.
It could have been done something like this:
- Redirect the user to a fake site (and hope that he does not investigate the certificate).
- Ask for username and challenge the user with the verification code and then login to the bank in the background.
- Try to add a new account for transfers and then tell the user he mistyped and has to login again while challenging him to verify the new account.
- Transfer money the same way.
The bank has solved the problem by adding a 9 before all login codes. I'm not convinced this is simple and obvious enough for the users. One way to make it simple could be a security device with buttons labeled "login", "sign account" and "sign amount" or such.
EDIT: Now it has started to arrive phishing mails that asks the customers of Swedbank to install ssl3.exe...
The phishing continues
The phishing attempts against Nordea are still going strong and the mails are now in almost correct swedish.
One might wonder why Nordea still haven't done any major changes. Maybe the've seen Fight Club and calculates just the way Jack does while working as an automotive manufacture recall coordinator...
What one-way hash function to use?
Cryptographic hash function takes a message of any length as input and outputs a very large but fixed length number. That number is called a message digest, fingerprint, or sometimes a cryptographic hash. They can be used to represent passwords without having to know the actual password. Such a hash can also be used as signature that makes it possible to verify that the content of a message hasn't been tampered with.
MD5 got into problems over 10 years ago and SHA-1 could to be heading the same way. Until the new standard is published I would follow the cryptographic experts advice and use SHA-2.
Ruby
require 'digest/sha2'
quickfox="The quick brown fox jumps over the lazy dog"
Digest::SHA256.hexdigest(quickfox)C#
using System.Security.Cryptography;...
ASCIIEncoding byteConverter = new ASCIIEncoding();
string quickfox="The quick brown fox jumps over the lazy dog";
HashAlgorithm sha256 = new SHA256Managed();
byte[] hash = sha256.ComputeHash(byteConverter.GetBytes(quickfox));
crypt.Text = Convert.ToBase64String(hash); 
