In computing, the term munge means to attempt to create a strong, secure password through character substitution. "Munge" is sometimes backronymmed as Modify Until Not Guessed Easily. The usage differs significantly from Mung (Mash Until No Good), because munging implies destruction of data, while mungeing implies creation of strong protection for data.


Rationale

Passwords are used to gain access to computer resources, and computer users generally choose passwords that are easy to remember, but therefore insecure. Simple passwords are easily hacked by dictionary attacking software. If a network administrator supplies a password that is too difficult to remember, or requires that passwords be changed frequently, users tend to write their passwords down to help them remember. Many times passwords can be found on sticky notes under keyboards, behind pictures, or hidden among other desktop items, another security risk. Mungeing helps to create a strong password that the user can remember easily. The user may choose any word he or she likes, then modify it to make it stronger.


Implementation

A strong password is often thought to require characters from at least three of the following four character sets (in addition to including characters from different sets, the password length is also a metric used to determine its strength):

Adding a number and/or special character to a password might thwart some simple dictionary attacks. However, common words should still be avoided due to the simplicity of automated brute force testing of well known munged variations of the words. For example, the password "butterfly" could be munged in the following ways:

The substitutions can be anything the user finds easy to remember, and which may increase an attacker's difficulties, such as:

For high-security applications, mungeing may not be very effective, because it only adds 23 bits of entropy, thus increasing the time needed to perform a brute force dictionary attack by a factor of 4–8. The increase in search space obtained by mungeing a few characters of a known word is easily matched by the continuous increase in processing power (which is more or less equivalent to "cracking speed") computers have been experiencing for some decades as a result of Moore's Law, although this can be countered for some applications by limiting password attempts to either one per few seconds or 5 per longer period of time, usually five minutes to one hour.

As a rule of thumb, use of single well known words, including after commonly used munged substitutions, should be avoided. Instead, combinations of multiple random words should be used, which can be remembered easily by forming a mental story from them.
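One way a password policy can enforce the rule of thumb above is to de-munge each candidate password and reject it when it reduces to a single blocklisted word plus a few decorations. This is an added example, not part of the original article; the substitution table, the blocklist and both limits are assumptions constructed for illustration.

```python
import itertools

# Assumed reverse-substitution table (constructed for this example):
# each munged character maps to the letters it commonly replaces.
DEMUNGE = {
    "@": "a", "4": "a", "8": "b", "(": "c", "3": "e", "6": "g",
    "1": "il", "!": "il", "|": "il", "0": "o", "$": "s", "5": "s",
    "7": "t", "+": "t",
}
# Constructed sample blocklist; a deployment would load a full wordlist.
BLOCKLIST = {"butterfly", "password", "dragon", "welcome"}
MAX_READINGS = 4096  # cap on work for characters with several readings
MAX_EXTRA = 3        # decorations tolerated around a single blocked word


def readings(password):
    """Yield plain-letter readings of a password under DEMUNGE."""
    options = [DEMUNGE.get(ch, ch) for ch in password.lower()]
    combos = itertools.product(*options)
    for combo in itertools.islice(combos, MAX_READINGS):
        yield "".join(combo)


def blocked_word(password):
    """Return the blocklisted word a password is built on, else None."""
    for reading in readings(password):
        for word in BLOCKLIST:
            # A match means the password is essentially one known word;
            # long multi-word passphrases exceed MAX_EXTRA and pass.
            if word in reading and len(reading) - len(word) <= MAX_EXTRA:
                return word
    return None


if __name__ == "__main__":
    samples = ["Butt3rfly!", "P@ssw0rd123", "8u7t3rf1y",
               "copper-lantern-dragon-quilt"]  # constructed inputs
    for pw in samples:
        print(pw, "->", blocked_word(pw) or "no blocked base word found")
```
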


See also

* Leet



External links


Jargon File entry for munge