Common stuff for all my devices' web server pages: css, login, log, ipv4, ipv6, firmware update, clock, reset info etc.

Dependents:   oldheating gps motorhome heating

Security

A password has to be set whenever there has been a software reset. Resets following a fault, and power-on resets, do not require a new password because the hash is restored from the RTC GPREG register.

The password is not saved on the device; instead a 32 bit hash of the password is saved. It would take 2^31 attempts to brute force the password: this could be done in under a month if an attempt were possible every millisecond. To prevent this a 200 ms delay is introduced in the reply to the login form, which gives a more reasonable 13 years to brute force the password.

Once the password is accepted a random session id is created. It is 36 bits long, giving six base-64 characters, and no extra delay is applied to it. If an attempt could be made every ms it would still take over a year to brute force.

The most likely attack would be to use a dictionary of, say, 10 million entries against the password, which would still take 20 days.

Committer:
andrewboyson
Date:
Thu Feb 28 14:45:37 2019 +0000
Revision:
49:66f5471a19dc
Parent:
48:4e678727c4c9
Child:
50:edd44fe9320f
Corrected some styling and the firmware ajax information

andrewboyson 48:4e678727c4c9 1 "var file;\n"
andrewboyson 46:1822fdbe6c0c 2 "var xhr;\n"
andrewboyson 48:4e678727c4c9 3 "var fr;\n"
andrewboyson 48:4e678727c4c9 4 "var checksum;\n"
andrewboyson 48:4e678727c4c9 5 "\n"
andrewboyson 46:1822fdbe6c0c 6 "function xhrOnLoad()\n"
andrewboyson 46:1822fdbe6c0c 7 "{\n"
andrewboyson 46:1822fdbe6c0c 8 " if (xhr.status == 200) document.getElementById('result').innerHTML = xhr.responseText;\n"
andrewboyson 46:1822fdbe6c0c 9 " else document.getElementById('result').innerHTML = 'Upload failed';\n"
andrewboyson 46:1822fdbe6c0c 10 "}\n"
andrewboyson 46:1822fdbe6c0c 11 "function xhrOnError()\n"
andrewboyson 46:1822fdbe6c0c 12 "{\n"
andrewboyson 46:1822fdbe6c0c 13 " document.getElementById('result').innerHTML = 'Upload error';\n"
andrewboyson 46:1822fdbe6c0c 14 "}\n"
andrewboyson 48:4e678727c4c9 15 "function startXhr()\n"
andrewboyson 48:4e678727c4c9 16 "{\n"
andrewboyson 48:4e678727c4c9 17 " document.getElementById('result').innerHTML = 'Uploading...';\n"
andrewboyson 48:4e678727c4c9 18 " \n"
andrewboyson 48:4e678727c4c9 19 " xhr = new XMLHttpRequest();\n"
andrewboyson 48:4e678727c4c9 20 "\n"
andrewboyson 48:4e678727c4c9 21 " xhr.onload = xhrOnLoad;\n"
andrewboyson 48:4e678727c4c9 22 " xhr.onerror = xhrOnError;\n"
andrewboyson 48:4e678727c4c9 23 "\n"
andrewboyson 49:66f5471a19dc 24 " xhr.open('POST', '/firmware-ajax?checksum=' + checksum, true);\n"
andrewboyson 48:4e678727c4c9 25 " xhr.send(file);\n"
andrewboyson 48:4e678727c4c9 26 "}\n"
andrewboyson 48:4e678727c4c9 27 "\n"
andrewboyson 48:4e678727c4c9 28 "function frOnLoad()\n"
andrewboyson 48:4e678727c4c9 29 "{\n"
andrewboyson 48:4e678727c4c9 30 " var arrayBuffer = fr.result;\n"
andrewboyson 48:4e678727c4c9 31 " var bytes = new Uint8Array(arrayBuffer);\n"
andrewboyson 48:4e678727c4c9 32 " for ( i = 0; i < bytes.length; ++i )\n"
andrewboyson 48:4e678727c4c9 33 " {\n"
andrewboyson 48:4e678727c4c9 34 " checksum = (checksum + bytes[i]) >>> 0;\n"
andrewboyson 48:4e678727c4c9 35 " }\n"
andrewboyson 48:4e678727c4c9 36 " startXhr();\n"
andrewboyson 48:4e678727c4c9 37 "}\n"
andrewboyson 48:4e678727c4c9 38 "function frOnError()\n"
andrewboyson 48:4e678727c4c9 39 "{\n"
andrewboyson 48:4e678727c4c9 40 " document.getElementById('result').innerHTML = 'Check sum calculation error';\n"
andrewboyson 48:4e678727c4c9 41 "}\n"
andrewboyson 48:4e678727c4c9 42 "function startChecksumCalculation()\n"
andrewboyson 48:4e678727c4c9 43 "{\n"
andrewboyson 48:4e678727c4c9 44 " document.getElementById('result').innerHTML = 'Calculating checksum...';\n"
andrewboyson 48:4e678727c4c9 45 " \n"
andrewboyson 48:4e678727c4c9 46 " checksum = 0;\n"
andrewboyson 48:4e678727c4c9 47 " \n"
andrewboyson 48:4e678727c4c9 48 " fr = new FileReader();\n"
andrewboyson 48:4e678727c4c9 49 " fr.onload = frOnLoad;\n"
andrewboyson 48:4e678727c4c9 50 " fr.onerror = frOnError;\n"
andrewboyson 48:4e678727c4c9 51 " \n"
andrewboyson 48:4e678727c4c9 52 " fr.readAsArrayBuffer(file);\n"
andrewboyson 48:4e678727c4c9 53 "}\n"
andrewboyson 46:1822fdbe6c0c 54 "\n"
andrewboyson 46:1822fdbe6c0c 55 "function startUpload()\n"
andrewboyson 46:1822fdbe6c0c 56 "{\n"
andrewboyson 46:1822fdbe6c0c 57 " var fileInput = document.getElementById('fileInput');\n"
andrewboyson 46:1822fdbe6c0c 58 "\n"
andrewboyson 46:1822fdbe6c0c 59 " if (fileInput.files.length == 0)\n"
andrewboyson 46:1822fdbe6c0c 60 " {\n"
andrewboyson 46:1822fdbe6c0c 61 " document.getElementById('result').innerHTML = 'Please choose a file';\n"
andrewboyson 46:1822fdbe6c0c 62 " return;\n"
andrewboyson 46:1822fdbe6c0c 63 " }\n"
andrewboyson 46:1822fdbe6c0c 64 "\n"
andrewboyson 46:1822fdbe6c0c 65 " if (fileInput.files.length > 1)\n"
andrewboyson 46:1822fdbe6c0c 66 " {\n"
andrewboyson 46:1822fdbe6c0c 67 " document.getElementById('result').innerHTML = 'Please choose just one file';\n"
andrewboyson 46:1822fdbe6c0c 68 " return;\n"
andrewboyson 46:1822fdbe6c0c 69 " }\n"
andrewboyson 48:4e678727c4c9 70 " \n"
andrewboyson 48:4e678727c4c9 71 " file = fileInput.files[0];\n"
andrewboyson 48:4e678727c4c9 72 " \n"
andrewboyson 48:4e678727c4c9 73 " startChecksumCalculation();\n"
andrewboyson 48:4e678727c4c9 74 "}\n"
andrewboyson 48:4e678727c4c9 75 ""
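Review bot: The loop index in frOnLoad, `for ( i = 0; i < bytes.length; ++i )` on file line 32, is never declared, so `i` becomes an implicit global shared with every other script on the page; change it to `for (var i = 0; i < bytes.length; ++i)`. xhrOnLoad on file line 8 assigns `xhr.responseText` to `innerHTML`, which lets the device's reply be interpreted as markup; if /firmware-ajax returns plain text, `document.getElementById('result').textContent = xhr.responseText;` is the safer form (the other status messages are fixed literals and can stay). The checksum built in frOnLoad is a plain 32-bit modular sum of the bytes, which misses reordered or transposed bytes and says nothing about who produced the image, so a comment above the loop should state its intent: `// 32-bit byte sum sent as ?checksum=; detects some transfer corruption only, not a CRC or a signature.` Whether the server rejects a mismatch cannot be seen from this file.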