# Re: How to determine passphrase entropy?

*From*: Paul Rubin <no.email@xxxxxxxxxxxxxx>*Date*: Mon, 24 May 2010 16:54:12 -0700

unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx> writes:

The key is that there is not "entropy of a password". One can only make

reasonable assumptions about the attacker's strategy

I see "entropy of a password" as shorthand for "entropy of the

distribution that the password is drawn from". The attacker's obvious

strategy is to model the distribution as closely as possible, then

search starting from the most probable passwords.

.

**Follow-Ups**:**Re: How to determine passphrase entropy?***From:*unruh

**References**:**How to determine passphrase entropy?***From:*Nomen Nescio

**Re: How to determine passphrase entropy?***From:*Joseph Ashwood

**Re: How to determine passphrase entropy?***From:*Paul Rubin

**Re: How to determine passphrase entropy?***From:*unruh

- Prev by Date:
**Re: Just One Good Cipher Will Do.** - Next by Date:
**Re: How to determine passphrase entropy?** - Previous by thread:
**Re: How to determine passphrase entropy?** - Next by thread:
**Re: How to determine passphrase entropy?** - Index(es):