(cvsclient.info.gz) Password scrambling
Info Catalog
(cvsclient.info.gz) Connection and Authentication
(cvsclient.info.gz) Top
(cvsclient.info.gz) Protocol
4 Password scrambling algorithm
*******************************
The pserver authentication protocol, as described in Connection
and Authentication, trivially encodes the passwords. This is only to
prevent inadvertent compromise; it provides no protection against even a
relatively unsophisticated attacker. For comparison, HTTP Basic
Authentication (as described in RFC2068) uses BASE64 for a similar
purpose. CVS uses its own algorithm, described here.
The scrambled password starts with `A', which serves to identify the
scrambling algorithm in use. After that follows a single octet for
each character in the password, according to a fixed encoding. The
values are shown here, with the encoded values in decimal. Control
characters, space, and characters outside the invariant ISO 646
character set are not shown; such characters are not recommended for use
in passwords. There is a long discussion of character set issues in
Protocol Notes.
0 111 P 125 p 58
! 120 1 52 A 57 Q 55 a 121 q 113
" 53 2 75 B 83 R 54 b 117 r 32
3 119 C 43 S 66 c 104 s 90
4 49 D 46 T 124 d 101 t 44
% 109 5 34 E 102 U 126 e 100 u 98
& 72 6 82 F 40 V 59 f 69 v 60
' 108 7 81 G 89 W 47 g 73 w 51
( 70 8 95 H 38 X 92 h 99 x 33
) 64 9 65 I 103 Y 71 i 63 y 97
* 76 : 112 J 45 Z 115 j 94 z 62
+ 67 ; 86 K 50 k 93
, 116 < 118 L 42 l 39
- 74 = 110 M 123 m 37
. 68 > 122 N 91 n 61
/ 87 ? 105 O 35 _ 56 o 48
Info Catalog
(cvsclient.info.gz) Connection and Authentication
(cvsclient.info.gz) Top
(cvsclient.info.gz) Protocol
automatically generated byinfo2html