Re: How to determine passphrase entropy?



On 2010-05-24, Maaartin <grajcar1@xxxxxxxxx> wrote:
On May 24, 12:34?pm, Paul Rubin <no.em...@xxxxxxxxxxxxxx> wrote:
The maximum entropy as worst case for brute force search? ?Sure, you can
calculate that the obvious way, H=log2(k**n) where k is the size of the
alphabet. ?But that is pretty useless, especially since the searcher
won't normally know the length of the passphrase (it could be very long).

I wonder how closely is the expected time of brute force search
related to the entropy. Imagine me picking a 10 characters random
password consisting of letters only, where I'm biased 80:20 against
capitals. The entropy is only 54 bits instead of 57, does it mean the
search takes 8 times less?

If the attacker adapts his search strategy to take that into account,
yes.

.



Relevant Pages

  • Re: How to determine passphrase entropy?
    ... alphabet. ...  But that is pretty useless, ... I wonder how closely is the expected time of brute force search ... The entropy is only 54 bits instead of 57, ...
    (sci.crypt)
  • Re: Free Random Password Generator
    ... In article, Bill Unruh wrote: ... > whose entropy certainly is higher than glidimidwared but almost useless as ... depending on who you are concerned about stealing it. ...
    (comp.security.unix)
  • Re: header of an arithmetic coder
    ... The occurrences of these values are almost "perfect": ... (Entropy is always relative to a model, i.e. to a set of assigned probabilities) ... If you can spare an integer number of bits per symbol, then the Huffman code would be a good start for compressing the sequence down to the entropy. ... The Huffman code is determined by an algorithm that, if given an alphabet of symbols and a probability distribution on that alphabet, provides a code for each letter of the alphabet that is "as close as possible" to optimal as a code that uses an integer number of bits per symbol can be. ...
    (comp.compression)
  • Re: entropy question
    ... imagine this as a bug moving around on a table.. ... is there a way i could measure the "entropy" of this system? ... with a different letter in an alphabet of N characters. ...
    (sci.math.research)
  • Re: Randomness using computers
    ... no reason has been to dispute of physical access of ... someone to user machine: if that access was available, ... generate Entropy could be only useless. ...
    (sci.crypt)