Re: How to determine passphrase entropy?



unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx> writes:
The key is that there is not "entropy of a password". One can only make
reasonable assumptions about the attacker's strategy

I see "entropy of a password" as shorthand for "entropy of the
distribution that the password is drawn from". The attacker's obvious
strategy is to model the distribution as closely as possible, then
search starting from the most probable passwords.
.