Re: How to determine passphrase entropy?


If we consider a password of n characters, given the user will probably
likely enter only alpha characters and numbers and a small set of
characters like @#$ etc. how do we calculate the actual entropy of the
password? Thanks.

entropy is a realtive number, it depends on the set and selection
process. For example, If the attacker happens to know that the password
used has a special meaning for the user, then the entropyis 0.
If you assume that the letters, characters, numbers used are used
according to their distribution in Shakespeare, you get another number.
If you assume that the pairs of letters (q is always followed by u for
example) still another one. There is no "entropy of the password".
It also depends on the attacker and his procedure for doing an
exhaustive search on the password. That is the only true measure, and of
course, unless you know the attacker, impossible to know. So you guess,
and your guess will be different from mine.

Let's suppose the set is alpha characters, digits, and 12 characters like
the ones from the top row of keys on your keyboard. Let's suppose the
password is n characters long and doesn't have to be a word, any
combination. I'm new to this and this isn't a trick question or if it is
it's not intentional. I'm trying to learn how this works. Can anybody give
me an idea? Just based on the simple example I asked about.....

Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info