The pserver authentication protocol, as described in Chapter 4, How to Connect to and Authenticate Oneself to the CVS server , trivially encodes the passwords. This is only to prevent inadvertent compromise; it provides no protection against even a relatively unsophisticated attacker. For comparison, HTTP Basic Authentication (as described in RFC2068) uses BASE64 for a similar purpose. CVS uses its own algorithm, described here.

The scrambled password starts with A, which serves to identify the scrambling algorithm in use. After that follows a single octet for each character in the password, according to a fixed encoding. The values are shown here, with the encoded values in decimal. Control characters, space, and characters outside the invariant ISO 646 character set are not shown; such characters are not recommended for use in passwords. There is a long discussion of character set issues in Chapter 8, Notes on the Protocol .

        0 111           P 125           p  58
! 120   1  52   A  57   Q  55   a 121   q 113
"  53   2  75   B  83   R  54   b 117   r  32
        3 119   C  43   S  66   c 104   s  90
        4  49   D  46   T 124   d 101   t  44
% 109   5  34   E 102   U 126   e 100   u  98
&  72   6  82   F  40   V  59   f  69   v  60
' 108   7  81   G  89   W  47   g  73   w  51
(  70   8  95   H  38   X  92   h  99   x  33
)  64   9  65   I 103   Y  71   i  63   y  97
*  76   : 112   J  45   Z 115   j  94   z  62
+  67   ;  86   K  50           k  93
, 116   < 118   L  42           l  39
-  74   = 110   M 123           m  37
.  68   > 122   N  91           n  61
/  87   ? 105   O  35   _  56   o  48