Some time ago, Simon Willison pointed out a very cool bookmarklet that helps solve the “I have one password for all my public sites” problem. This is where someone picks a password they can remember, and then uses that as the password for their accounts on Amazon, eBay, Hotmail, Netflix, et cetera. This is one of those things that security experts tell you never to do, and yet just about everyone does, because given the plethora of accounts most of us maintain, there’s no way we could keep track of which password goes with which account unless it was all written down somewhere… and that’s something the security experts insist that you never, ever do.
So the bookmarklet takes your ‘master password’, crosses it with the domain of the site, and generates an MD5-based result. So let’s assume meyerweb had accounts. You would fire off the bookmarklet, which would ask you type in your master password. So let’s say your master password is ‘passwd'; this is combined with www.meyerweb.com and the resulting password is 68573552. On the other hand, if you just use meyerweb.com, the result is 92938a6e
Now, while those aren’t the most secure possible passwords, they’re a lot more secure than ‘passwd’. So I’d like to make use of this bookmarklet. Fine, great. The problem is what you just saw: the generated password changes if the full host and domain name bit changes. This could be a problem if, say, amazon.com suddenly starts routing all logins to a server named login.amazon.com… or vice versa. So I’d like to adapt the bookmarklet so it grabs just the domain and TLD (I probably got those terms wrong; I usually do) of a URL. Problem is, I can’t write regular expressions for squat. I don’t even understand how the regexp in the existing bookmarklet works.
So, a little help, please? Given the form http://www.domain.tld/blah/foo/wow.xyz, I want the regexp to return just domain.tld. Just leave a solution in the comments, and you’ll earn the respect and adulation of your peers. At least those of them who read the comments.