Common stuff for all my devices' web server pages: css, login, log, ipv4, ipv6, firmware update, clock, reset info etc.

Dependents:   oldheating gps motorhome heating

Security

A password has to be set whenever there has been a software reset. Resets following faults or power on do not require a new password as the hash is restored from the RTC GPREG register.

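The password is not saved on the device; instead a 32-bit hash of the password is saved. It would take on average 2^31 attempts to brute force the password: this could be done in under a month if an attempt were possible every millisecond. To prevent this, a 200 ms delay is introduced in the reply to the login form, which gives a more reasonable 13 years to brute force the password. These figures assume that login attempts are answered strictly one at a time, and they measure the work to find any input matching the 32-bit hash rather than the exact password.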

Once the password is accepted, a random session id is created. It is 36 bits long, giving six base-64 characters, and it is checked without any extra delay. If an attempt could be made every ms, this would still take over a year to brute force. The estimate holds only if the id is drawn from an unpredictable random source.

The most likely attack would be to use a dictionary with, say, 10 million entries against the password, which would still take 20 days.

Committer:
andrewboyson
Date:
Tue May 11 11:00:00 2021 +0000
Revision:
160:daa94b75b94c
Parent:
110:8ab752842d25
CSS modified to not change the text colour when hovering over a disabled button: it still does for buttons which are enabled.

Who changed what in which revision?

UserRevisionLine numberNew contents of line
//Clock class
'use strict';

/**
 * Clock state for a web page: a millisecond counter, a TAI-UTC leap second
 * count and one pending leap second adjustment.
 *
 * `ms` is added to a caller-supplied `baseMs` to form a Unix-epoch millisecond
 * value; an `ms` of 0 is treated as "no valid time".
 * NOTE(review): the 'ajax-…' element ids suggest the fields are filled from an
 * AJAX reply by code outside this class; confirm against the caller.
 */
class Clock {
  constructor() {
    this.leapEnable = false; // true while a leap adjustment is still pending
    this.leapForward = false; // true: repeat second 59, false: skip second 59
    this.leapMonth = 0; // 1..12 once set through months1970
    this.leapYear = 0; // calendar year once set through months1970
    this.leaps = 0; // displayed as TAI-UTC
    this.ms = 0; // 0 means the time is not valid
  }

  /**
   * Sets the leap month and year from a count of months since January 1970
   * (0 is January 1970).
   * @param {number} value - Months elapsed since January 1970.
   */
  set months1970(value) {
    const monthIndex = value % 12;
    this.leapMonth = monthIndex + 1;
    this.leapYear = (value - monthIndex) / 12 + 1970;
  }

  /**
   * @returns {number} Months since January 1970 for the stored leap month and
   *   year, or 0 when either of them is zero or negative.
   */
  get months1970() {
    if (this.leapYear <= 0 || this.leapMonth <= 0) return 0;
    return (this.leapYear - 1970) * 12 + this.leapMonth - 1;
  }

  /**
   * Pads a value below 10 with a leading '0'.
   * @param {number} i - Value to format.
   * @returns {string|number} A string for values below 10, otherwise `i`
   *   itself, unchanged and still a number.
   */
  formatNumbers00(i) {
    return i < 10 ? `0${i}` : i;
  }

  /**
   * Maps a day index to its three-letter English name.
   * @param {number} wday - Day of the week, 0 being Sunday.
   * @returns {string} 'Sun'..'Sat', or '---' for anything that is not one of
   *   the numbers 0 to 6.
   */
  formatDayOfWeek(wday) {
    const dayNames = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
    // Only genuine numbers are looked up, so a string such as '1' yields '---'.
    if (typeof wday !== 'number') return '---';
    return dayNames[wday] ?? '---';
  }

  /**
   * Applies the pending leap second once the clock has reached the start of
   * the leap month, then disables further adjustment.
   * @param {number} baseMs - Offset added to `ms` to obtain epoch milliseconds.
   */
  adjustLeap(baseMs) {
    // An invalid time (ms of 0) or a disabled adjustment leaves everything alone.
    if (this.ms == 0 || !this.leapEnable) return;

    // A backward leap takes effect one second before the month begins.
    const secondOffset = this.leapForward ? 0 : -1;
    const leapStart = Date.UTC(this.leapYear, this.leapMonth - 1, 1, 0, 0, secondOffset);
    const currentMs = this.ms + baseMs;

    if (currentMs < leapStart) return; // the leap start has not been reached yet

    if (this.leapForward) {
      // repeat 59
      this.ms -= 1000;
      this.leaps += 1;
    } else {
      // skip 59
      this.ms += 1000;
      this.leaps -= 1;
    }

    this.leapEnable = false;
  }

  /**
   * Writes the current time into the elements 'ajax-date-utc' (UTC plus the
   * TAI-UTC count) and 'ajax-date-pc' (the browser's locale and time zone).
   * Missing elements are skipped. The text is assigned through textContent,
   * so it is never parsed as HTML.
   * @param {number} baseMs - Offset added to `ms` to obtain epoch milliseconds.
   */
  displayTime(baseMs) {
    if (this.ms == 0) return; // an invalid time is not displayed

    const now = new Date(this.ms + baseMs);

    // UTC calendar fields, two-digit padded where the display needs it
    const year = now.getUTCFullYear();
    const month = this.formatNumbers00(now.getUTCMonth() + 1);
    const day = this.formatNumbers00(now.getUTCDate());
    const hours = this.formatNumbers00(now.getUTCHours());
    const minutes = this.formatNumbers00(now.getUTCMinutes());
    const seconds = this.formatNumbers00(now.getUTCSeconds());
    const weekday = this.formatDayOfWeek(now.getUTCDay()); // 0 == Sunday

    const utcElem = document.getElementById('ajax-date-utc');
    if (utcElem) {
      utcElem.textContent = `${year}-${month}-${day} ${weekday} ${hours}:${minutes}:${seconds} TAI-UTC=${this.leaps}`;
    }

    const pcElem = document.getElementById('ajax-date-pc');
    const localeOptions = {
      year: 'numeric',
      month: 'short',
      day: '2-digit',
      weekday: 'short',
      hour: '2-digit',
      minute: '2-digit',
      second: '2-digit',
      timeZoneName: 'short',
    };
    if (pcElem) pcElem.textContent = now.toLocaleString(undefined, localeOptions);
  }
}