Munged password
A munged password (pronounced /ˈmʌndʒd/) refers to the practice of creating a password with common replacement strategies[1] such as replacing 'S' with '$' or '5'. This can be seen as an application of leet speak.
There is a perception that munged passwords are more secure, but modern password cracking tools include rules to account for character substitutions.[2] Mungeing or leet speak has a minimal effect on password security when uncommon ("low-frequency") substitutions are used, but may decrease password security by providing a false sense of complexity.[3][4]
"Munge" is sometimes backronymmed as Modify Until Not Guessed Easily.[1] The usage differs significantly from "mung" (Mash Until No Good), as munging implies destruction of data, whereas mungeing implies that the original data can be reconstructed.
Implementation
Adding a number and/or special character to a password might thwart some simple dictionary attacks. For example, the password "Butterfly" could be munged in the following ways:
| 8uttErfly | "B" gets replaced by 8, a similar looking number, and "e" gets capitalized |
| Butt3rfl? | "e" gets replaced by 3, a similar looking number, and "y" gets replaced by ? (y, as in "why?") |
| Bu2Terfly | 2 consecutive t's are replaced by "2T" (2 t's) |
| 8u2T3RfL? | A combination of all of the above |
The substitutions can be anything the user finds easy to remember, such as:
| a=@ or 4 |
| b=8 |
| c=( |
| d=6 |
| e=3 |
| f=# |
| g=9 |
| h=# |
| i=1 or ! |
| k=< |
| l=1 or i |
| o=0 |
| q=9 |
| r=2 or 12 |
| s=5, $, or z |
| t=+ or l |
| v=> or < |
| w=uu or 2u |
| x=% |
| y=? |
See also
References
- ^ a b Singh Walia, Kanwardeep; Shenoy, Shweta; Cheng, Yuan (August 2020). An Empirical Analysis on the Usability and Security of Passwords. 2020 IEEE 21st International Conference. IEEE. pp. 1–8. doi:10.1109/IRI49571.2020.00009. ISBN 978-1-7281-1054-7.
- ^ "leetspeak.rule". GitHub. 2015-12-04. Retrieved 2025-05-02.
- ^ Medhansh Garg (2022-10-14). "Evaluation of Leet Speak on Password Strength and Security". International Journal of Scientific Research in Science and Technology: 410–422. doi:10.32628/IJSRST229567. ISSN 2395-602X.
- ^ Li, Wanda; Zeng, Jianping. "Leet Usage and Its Effect on Password Security" (PDF). Retrieved 2025-05-02.