Top Qs
Timeline
Chat
Perspective
Munged password
Password created with common replacement strategies From Wikipedia, the free encyclopedia
Remove ads
A munged password (pronounced /ˈmʌndʒd/) refers to the practice of creating a password with common replacement strategies[1] such as replacing 'S' with '$' or '5'. This can be seen as an application of leet speak.
There is a perception that munged passwords are more secure, but modern password cracking tools include rules to account for character substitutions.[2] Mungeing or leet speak has a minimal effect on password security when uncommon ("low-frequency") substitutions are used, but may decrease password security by providing a false sense of complexity.[3][4]
"Munge" is sometimes backronymmed as Modify Until Not Guessed Easily.[1] The usage differs significantly from "mung" (Mash Until No Good), as munging implies destruction of data, whereas mungeing implies that the original data can be reconstructed.
Remove ads
Implementation
Adding a number and/or special character to a password might thwart some simple dictionary attacks. For example, the password "Butterfly" could be munged in the following ways:
| 8uttErfly | "B" gets replaced by 8, a similar looking number, and "e" gets capitalized |
| Butt3rfl? | "e" gets replaced by 3, a similar looking number, and "y" gets replaced by ? (y, as in "why?") |
| Bu2Terfly | 2 consecutive t's are replaced by "2T" (2 t's) |
| 8u2T3RfL? | A combination of all of the above |
The substitutions can be anything the user finds easy to remember, such as:
| a=@ or 4 |
| b=8 |
| c=( |
| d=6 |
| e=3 |
| f=# |
| g=9 |
| h=# |
| i=1 or ! |
| k=< |
| l=1 or i |
| o=0 |
| q=9 |
| r=2 or 12 |
| s=5, $, or z |
| t=+ or l |
| v=> or < |
| w=uu or 2u |
| x=% |
| y=? |
Remove ads
See also
References
External links
Wikiwand - on
Seamless Wikipedia browsing. On steroids.
Remove ads