MungePass 1.1


The Program

Global Variables

First, enter how large a segment you want to use (for example, if your word was "illuminate" and you chose a segment of 3, the program would select a segment like "min").

Segment:

Next, enter how many segments you want to use for your password (total length of password, in characters, is segment length * segments).

# of segments:

Finally, select how many passwords you want to generate.

Passwords:

Version 1: MungePass

Type the 6 words that you want to use into the following boxes. It is recommended to use words that are at least 7-8 characters long, and which are dissimilar to each other, for the best passwords.


Version 2: MungeDict

This is where you can paste a dictionary to use for creating new passwords. Ironically enough, the currently loaded dictionary is a dictionary of words that are commonly used for password-file cryptanalysis (from packetstormsecurity.nl - you can find a wide variety of word lists here). Word lists separated by newlines can be added, provided you run them through the Newline Truncator script - MungeDict works best when it is fed a list of words without spaces, newlines, or punctuation, although it will work with any list (theoretically, you could paste in randomly generated text, and this could function almost as a random-password generator).

Passwords:

Here's some debug information, if you want to see how the program is deciding your passwords:


Info

Have you ever wanted a memorable password, but couldn't deal with those true-random generators that gave you a completely unintelligible string of text? There is a solution - natural-language passwords, which are strings of text that look phonetically like words, but are more random than actual dictionary words. Theta Pi Software has a pattern-based natural-language password generator available here. However, these passwords are still patterns of letters or syllables mathematically generated from a list of random numbers.

MungePass is a unique way of creating a natural-language password based not on a random algorithm, but on words you know. With MungePass, you simply enter six words that you are familiar with, and the program combines them into passwords that are generally immune to a dictionary attack, but are easier to remember, as they are a combination of syllables from the words you defined.

Additionally, this new version of MungePass makes it even easier for you to create passwords, even if you're blanking on some words to use. Somewhat ironically, this new version uses a text-based dictionary, the same type of dictionary that hackers use to brute-force weak passwords, as a source of characters that the new algorithm, MungeDict, scans through to select various word fragments to randomly string together. The source words do come from an actual dictionary - but the resultant combination of characters most likely can't be found in any dictionary!

Please note that while passwords generated using this program are more secure than dictionary words and personal information, they are not as random, and therefore possibly not as secure, as standard random-generated passwords. However, they will defeat the casual hacker who is not going to resort to a full-blown brute-force attack. Note, however, that short passwords generated using this algorithm are known to be vulnerable to default John the Ripper installations - because of this, the default is set up to generate 12-character passwords, and it would be inadvisable to use fewer characters without adding in more entropy. To make these passwords stronger and less susceptible to an attack, attach a few numbers and/or special characters to some part of the password, preferably somewhere in the middle, and without using l33tspeak, which cracking programs are designed to take into account (yes, this will make the password slightly harder to remember, but will improve security immensely).
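The caveat above can be put in numbers. The following is an added example, not the MungePass source: it models segment selection as described on this page (fixed-length substrings drawn from the entered words) and computes an upper bound on the entropy when the source words and settings are known. The function names, the sample words and the 4 x 3 split of a 12-character password are assumptions.

```javascript
// Added example: a model of the segment-based generation described on this page.
// Names and the selection model are assumptions, not the MungePass source code.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Every distinct contiguous substring of length segLen across the word list.
function distinctSegments(words, segLen) {
  const pool = new Set();
  for (const w of words) {
    for (let i = 0; i + segLen <= w.length; i++) pool.add(w.slice(i, i + segLen));
  }
  return [...pool];
}

// Uniform index in [0, n) using rejection sampling, so there is no modulo bias.
function randomIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { webcrypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Build one password by concatenating segCount randomly chosen segments.
function generate(words, segLen, segCount) {
  const pool = distinctSegments(words, segLen);
  if (pool.length === 0) throw new Error("no word is as long as the segment length");
  let out = "";
  for (let i = 0; i < segCount; i++) out += pool[randomIndex(pool.length)];
  return out;
}

// Upper bound on entropy (bits) when the words and settings are known:
// at most pool^segCount distinct outputs, fewer if two sequences collide.
function entropyBits(words, segLen, segCount) {
  return segCount * Math.log2(distinctSegments(words, segLen).length);
}

// Reference point: a uniformly random lowercase string of the same length.
function randomLowercaseBits(length) {
  return length * Math.log2(26);
}

// Constructed sample input: six words of 8-10 letters, as the page recommends.
const SAMPLE = ["illuminate", "keyboard", "mountain", "pineapple", "saxophone", "umbrella"];
```

With these six words a 12-character password has at most about 21 bits of entropy once the words are known, against about 56 bits for 12 random lowercase letters, which is why the page advises mixing in digits or special characters.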


License

Program is by

Theta Pi Software 2005 (revisions 2008)

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

Known Bugs

Sometimes, the dictionary text will not initially display in the input field when using Firefox. However, the text is actually there, and the program is able to use it. If this occurs, remember to select all and delete the "empty" text box before adding your own wordlist.

Change Log

v1.1.0.1
- Changed defaults to generate 12-character passwords.
- Added language warning of susceptibility to cracking for short passwords generated using this algorithm.
v1.1
- Added the MungeDict algorithm.
- Used an RLPassWeb-style interface to put the program all on one page.
v1.0b
- First-ever release of the program.