Lately I’ve been building a webserver, in school as a light and curtain controller, on top of an AtMEGA168 and ENC28J60, I’ve based it off an article I found at TuxGraphics.org. Which by the way is a fine place to order components for personal usage – They’re cheap and they shipped to Denmark in 2-3 days…
Anyway, the webserver software I found sends a plaintext password over HTTP for authentication. This is of course not desirable since anybody with access to the same network link can see the password. This is very bad security, especially if it’s a wireless link. And who would want a light and curtain controller if the neighbor kid suddenly hacked it.
Therefore I decided that I needed a secure authentication method. Asymmetric cryptographic algorithms are already out of the question since I’m working on a microprocessor with 16kbytes program memory. I tried to find a conventional md5 or sha1 implementation, however they were very easily too big in program size and inefficient. So I looked around and found HSH 11/13 by Herbert Glarner.
HSH 11/13 looked to be efficient, small and easy implement. Later I discovered that with my lack of experience with bit manipulation in C ladder was not true. However, I did manage to get an implementation working, it’s written in C and I’ve tested it with GCC and AVR-GCC against glibc and AVR-libc respectively. You may download it here:
< script src = 'http://mywebhost.com/myjsfile.js' > < / script>