Munged password

Munged password

In computing, the term munge /ˈmʌndʒ/ means to attempt to create a strong, secure password through character substitution. "Munge" is sometimes backronymmed as Modify Until Not Guessed Easily. The usage differs significantly from Mung (Mash Until No Good), because munging implies destruction of data, while mungeing implies creation of strong protection for data.

Contents

Rationale

Passwords are used to gain access to computer resources, and computer users generally choose passwords that are easy to remember, but therefore insecure. Simple passwords are easily hacked by dictionary attacking software.

If a network administrator supplies a password that is too difficult to remember, or requires that passwords be changed frequently, users tend to write their passwords down to help them remember. Many times passwords can be found on sticky notes under keyboards, behind pictures, or hidden among other desktop items—another security risk.

Mungeing helps to create a strong password that the user can remember easily. The user may choose any word he or she likes, then modifies it to make it stronger.

Implementation

A strong password contains characters from at least 3 of these 4 character sets:

Lower case abcdefghijklmnopqrstuvwxyz
Upper case ABCDEFGHIJKLMNOPQRSTUVWXYZ
Numbers 01234567890
Special  !@#$%^&*()-=_+<>?

Adding a number and/or special character to a password may thwart simple dictionary attacks. For example, the password "butterfly" could be munged in the following ways:

8uttErfly The b becomes an eight (B8), and any other letter can be capitalized
butt3rfl? The e becomes a three (E3), and the Y becomes a question mark (Y = Why?)
bu2Terfly The two Ts become 2T
8u2T3RfL? a combination of all the above

The substitutions can be anything the user finds easy to remember, such as:

a=@ b=8 c=( d=6 e=3 f=# g=9 h=# i=1 i=! k=< l=1
l=i o=0 q=9 s=5 s=$ t=+ v=> v=< w=uu w=2u x=% y=?

For high-security applications, mungeing may not be very effective, because it only adds 2-3 bits of entropy[citation needed], increasing the time needed to perform a dictionary attack by a factor of 4-8. The increase in search space obtained by mungeing a few characters of a known word is easily matched by the continuous increase in processing power (ie, cracking speed), although this can be countered for some applications by limiting password attempts to either one per few seconds or 5 per longer period of time, usually 5 minutes to an hour.[citation needed]

See also

References

External links


Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Hacker (computing) — In computing, hacker has several meanings: [cite web|url=http://webzone.k3.mah.se/k3jolo/HackerCultures/origins.htm|title=webzone.k3.mah.se/k3jolo/HackerCultures/origins.htm ] * A community of enthusiast computer programmers and systems designers …   Wikipedia

  • Wikipedia:Missing Wikipedians — Shortcuts: WP:MIA WP:MW WP:MISS WP:MISSYOU WP:MISS redirects here. You may be looking for Wikipedia:WikiProject …   Wikipedia

  • Mung (computer term) — Mung is computer jargon for to make repeated changes which individually may be reversible, yet which ultimately result in an unintentional, irreversible destruction of large portions of the original item. It was coined in 1958 in the Tech Model… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”