Info Node: (cvsclient.info)Password scrambling


Password scrambling algorithm
*****************************

   The pserver authentication protocol, as described in the
Connection and Authentication node, trivially encodes the passwords.  This
is only to prevent inadvertent compromise; it provides no protection
against even a relatively unsophisticated attacker.  For comparison,
HTTP Basic Authentication (as described in RFC2068) uses BASE64 for a
similar purpose.  CVS uses its own algorithm, described here.

   The scrambled password starts with `A', which serves to identify the
scrambling algorithm in use.  After that follows a single octet for
each character in the password, according to a fixed encoding.  The
values are shown here, with the encoded values in decimal.  Control
characters, space, and characters outside the invariant ISO 646
character set are not shown; such characters are not recommended for use
in passwords.  There is a long discussion of character set issues in
the Protocol Notes node.

             0 111           P 125           p  58
     ! 120   1  52   A  57   Q  55   a 121   q 113
     "  53   2  75   B  83   R  54   b 117   r  32
             3 119   C  43   S  66   c 104   s  90
             4  49   D  46   T 124   d 101   t  44
     % 109   5  34   E 102   U 126   e 100   u  98
     &  72   6  82   F  40   V  59   f  69   v  60
     ' 108   7  81   G  89   W  47   g  73   w  51
     (  70   8  95   H  38   X  92   h  99   x  33
     )  64   9  65   I 103   Y  71   i  63   y  97
     *  76   : 112   J  45   Z 115   j  94   z  62
     +  67   ;  86   K  50           k  93
     , 116   < 118   L  42           l  39
     -  74   = 110   M 123           m  37
     .  68   > 122   N  91           n  61
     /  87   ? 105   O  35   _  56   o  48
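
   The following is an added example, not code from CVS or from this
manual.  It builds the encoding from the table above and shows that the
table inverts directly with no key, so a scrambled password has to be
handled as a plaintext credential.  The names `scramble', `unscramble',
`ENCODE' and `DECODE' and the sample password are assumptions of the
example.

```python
# Added example. TABLE is transcribed from the page: (character, decimal code) pairs.
TABLE = """
             0 111           P 125           p  58
     ! 120   1  52   A  57   Q  55   a 121   q 113
     "  53   2  75   B  83   R  54   b 117   r  32
             3 119   C  43   S  66   c 104   s  90
             4  49   D  46   T 124   d 101   t  44
     % 109   5  34   E 102   U 126   e 100   u  98
     &  72   6  82   F  40   V  59   f  69   v  60
     ' 108   7  81   G  89   W  47   g  73   w  51
     (  70   8  95   H  38   X  92   h  99   x  33
     )  64   9  65   I 103   Y  71   i  63   y  97
     *  76   : 112   J  45   Z 115   j  94   z  62
     +  67   ;  86   K  50           k  93
     , 116   < 118   L  42           l  39
     -  74   = 110   M 123           m  37
     .  68   > 122   N  91           n  61
     /  87   ? 105   O  35   _  56   o  48
"""

_tok = TABLE.split()  # tokens alternate: character, decimal code
ENCODE = {ch: int(code) for ch, code in zip(_tok[0::2], _tok[1::2])}
DECODE = {code: ch for ch, code in ENCODE.items()}  # no key: the table inverts directly

def scramble(password: str) -> bytes:
    """Return b'A' followed by one octet per password character."""
    try:
        return b"A" + bytes(ENCODE[ch] for ch in password)
    except KeyError as exc:  # character the table does not list (e.g. space)
        raise ValueError(f"character {exc.args[0]!r} is not in the table") from None

def unscramble(scrambled: bytes) -> str:
    """Recover the password from a scrambled value; needs no secret."""
    if scrambled[:1] != b"A":
        raise ValueError("unknown scrambling method (expected leading 'A')")
    try:
        return "".join(DECODE[octet] for octet in scrambled[1:])
    except KeyError as exc:
        raise ValueError(f"octet {exc.args[0]} is not in the table") from None

if __name__ == "__main__":
    sample = "Tr1vial_pw"  # constructed sample password
    wire = scramble(sample)
    print(wire, "->", unscramble(wire))
```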
