Go to the first, previous, next, last section, table of contents.


Password scrambling algorithm

The pserver authentication protocol, as described in section How to Connect to and Authenticate Oneself to the CVS server, trivially encodes the passwords. This is only to prevent inadvertent compromise; it provides no protection against even a relatively unsophisticated attacker. For comparison, HTTP Basic Authentication (as described in RFC2068) uses BASE64 for a similar purpose. CVS uses its own algorithm, described here.

The scrambled password starts with `A', which serves to identify the scrambling algorithm in use. After that follows a single octet for each character in the password, according to a fixed encoding. The values are shown here, with the encoded values in decimal. Control characters, space, and characters outside the invariant ISO 646 character set are not shown; such characters are not recommended for use in passwords. There is a long discussion of character set issues in section Notes on the Protocol.

        0 111           P 125           p  58
! 120   1  52   A  57   Q  55   a 121   q 113
"  53   2  75   B  83   R  54   b 117   r  32
        3 119   C  43   S  66   c 104   s  90
        4  49   D  46   T 124   d 101   t  44
% 109   5  34   E 102   U 126   e 100   u  98
&  72   6  82   F  40   V  59   f  69   v  60
' 108   7  81   G  89   W  47   g  73   w  51
(  70   8  95   H  38   X  92   h  99   x  33
)  64   9  65   I 103   Y  71   i  63   y  97
*  76   : 112   J  45   Z 115   j  94   z  62
+  67   ;  86   K  50           k  93
, 116   < 118   L  42           l  39
-  74   = 110   M 123           m  37
.  68   > 122   N  91           n  61
/  87   ? 105   O  35   _  56   o  48


Go to the first, previous, next, last section, table of contents.