In computing, to munge means to attempt to create a strong, secure password through character substitution. "Munge" is sometimes given as a backronym for Modify Until Not Guessed Easily. This usage differs significantly from Mung (Mash Until No Good), because munging implies the destruction of data, while mungeing implies stronger data protection.
Rationale
Passwords are used to gain access to computer resources, and computer users generally opt for passwords that are easy to remember and therefore insecure. Simple passwords are easily hacked by dictionary attack software.
If a network administrator issues passwords that are too difficult to remember, or requires that passwords be changed frequently, users tend to write their passwords down to help them remember. Passwords can often be found on sticky notes under the keyboard, behind a picture, or hidden among other items on the desk, which is another security risk.
Mungeing helps create strong passwords that are easy for users to remember. Users can choose whatever word they like, then modify it to make it stronger.
Implementation
Strong passwords are often considered to require characters from at least 3 of the following 4 character sets. In fact, the length of the password is more important.
Adding numbers and/or special characters to passwords can thwart some simple dictionary attacks. However, common words should still be avoided, because it is simple to automate brute-force testing of well-known munged variations of such words. For example, the password "butterfly" can be munged in the following ways:
Substitutions can be anything that is easy for the user to remember and that makes an attacker's work harder, such as:
For high-security applications, mungeing may not be very effective, as it only adds 2-3 bits of entropy, increasing the time needed to perform a brute-force dictionary attack by a factor of 4-8. The increase in search space obtained by mungeing a few characters of a known word is easily matched by the continuous increase in processing power (which is roughly equivalent to "cracking speed") that computers have experienced for decades as a result of Moore's Law. For some applications this can be countered by limiting password attempts to one each second, or to 5 per longer period of time, typically 5 minutes to an hour.
As a rule of thumb, the use of well-known words, even after commonly used munged substitutions have been applied, should be avoided. Instead, a combination of several random words should be used, which can be easily remembered by forming a mental story from them.
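The two points above (munging a known word adds only a few bits, and random word combinations are preferable) can be checked with a short password-policy sketch. This is an added example, not part of the original article: the substitution table, the blocklist and the 7776-word list size are assumptions constructed for illustration.

```python
import math

# Assumed substitution table, constructed for this example (not the article's list).
# Each plain letter maps to the characters users commonly swap in for it.
SUBS = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}
# Reverse lookup used to undo a substitution: "@" -> "a", "3" -> "e", ...
REVERSE = {sub: plain for plain, subs in SUBS.items() for sub in subs}

# Constructed sample blocklist; a real deployment would load a large list
# of common and breached passwords.
BLOCKLIST = {"butterfly", "password", "dragon"}


def demunge(candidate: str) -> str:
    """Lower-case the candidate and undo every known substitution."""
    return "".join(REVERSE.get(ch, ch) for ch in candidate.lower())


def is_munged_common_word(candidate: str) -> bool:
    """True if the candidate is a blocklisted word, munged or not."""
    return demunge(candidate) in BLOCKLIST


def munge_bits(word: str) -> float:
    """Bits added by munging: log2 of the number of spellings of `word`
    reachable with SUBS (each letter stays as-is or takes one substitute).
    Case changes are not counted."""
    variants = 1
    for ch in word.lower():
        variants *= 1 + len(SUBS.get(ch, ""))
    return math.log2(variants)


def passphrase_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n_words drawn uniformly at random from a word list."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("Bu77erfly", "p@55w0rd", "correct horse"):
        print(f"{pw!r}: rejected={is_munged_common_word(pw)}")
    print(f"munging 'butterfly' adds {munge_bits('butterfly'):.1f} bits")
    # 7776 is an assumed list size (a five-dice word list).
    print(f"4 random words: {passphrase_bits(4, 7776):.1f} bits")
```

Under the assumed table, "butterfly" has 8 munged spellings (3 bits), which falls within the 2-3 bit range stated above, while four words drawn at random from a 7776-word list give about 51.7 bits.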
See also
- Leet
External links
- Jargon File entry for munge
Source of the article : Wikipedia