The pserver authentication protocol, as described in section How to Connect to and Authenticate Oneself to the CVS server, trivially encodes the passwords. This is only to prevent inadvertent compromise; it provides no protection against even a relatively unsophisticated attacker. For comparison, HTTP Basic Authentication (as described in RFC2068) uses BASE64 for a similar purpose. CVS uses its own algorithm, described here.
The scrambled password starts with `A', which serves to identify the scrambling algorithm in use. After that follows a single octet for each character in the password, according to a fixed encoding. The values are shown here, with the encoded values in decimal. Control characters, space, and characters outside the invariant ISO 646 character set are not shown; such characters are not recommended for use in passwords. There is a long discussion of character set issues in section Notes on the Protocol.
0 111 P 125 p 58 ! 120 1 52 A 57 Q 55 a 121 q 113 " 53 2 75 B 83 R 54 b 117 r 32 3 119 C 43 S 66 c 104 s 90 4 49 D 46 T 124 d 101 t 44 % 109 5 34 E 102 U 126 e 100 u 98 & 72 6 82 F 40 V 59 f 69 v 60 ' 108 7 81 G 89 W 47 g 73 w 51 ( 70 8 95 H 38 X 92 h 99 x 33 ) 64 9 65 I 103 Y 71 i 63 y 97 * 76 : 112 J 45 Z 115 j 94 z 62 + 67 ; 86 K 50 k 93 , 116 < 118 L 42 l 39 - 74 = 110 M 123 m 37 . 68 > 122 N 91 n 61 / 87 ? 105 O 35 _ 56 o 48
Go to the first, previous, next, last section, table of contents.