| [ < ] |
[ > ] |
|
[ << ] |
[ Up ] |
[ >> ] |
|
|
|
|
[Top] |
[Contents] |
[Index] |
[ ? ] |
4. Password scrambling algorithm
The pserver authentication protocol, as described in How to Connect to and Authenticate Oneself to the CVS server, trivially encodes the passwords. This is only to
prevent inadvertent compromise; it provides no protection against even a
relatively unsophisticated attacker. For comparison, HTTP Basic
Authentication (as described in RFC2068) uses BASE64 for a similar
purpose. CVS uses its own algorithm, described here.
The scrambled password starts with ‘A’, which serves to identify
the scrambling algorithm in use. After that follows a single octet for
each character in the password, according to a fixed encoding. The
values are shown here, with the encoded values in decimal. Control
characters, space, and characters outside the invariant ISO 646
character set are not shown; such characters are not recommended for use
in passwords. There is a long discussion of character set issues in
Notes on the Protocol.
| | 0 111 P 125 p 58
! 120 1 52 A 57 Q 55 a 121 q 113
" 53 2 75 B 83 R 54 b 117 r 32
3 119 C 43 S 66 c 104 s 90
4 49 D 46 T 124 d 101 t 44
% 109 5 34 E 102 U 126 e 100 u 98
& 72 6 82 F 40 V 59 f 69 v 60
' 108 7 81 G 89 W 47 g 73 w 51
( 70 8 95 H 38 X 92 h 99 x 33
) 64 9 65 I 103 Y 71 i 63 y 97
* 76 : 112 J 45 Z 115 j 94 z 62
+ 67 ; 86 K 50 k 93
, 116 < 118 L 42 l 39
- 74 = 110 M 123 m 37
. 68 > 122 N 91 n 61
/ 87 ? 105 O 35 _ 56 o 48
|
| [ < ] |
[ > ] |
|
[ << ] |
[ Up ] |
[ >> ] |
|
|
|
|
[Top] |
[Contents] |
[Index] |
[ ? ] |
