# Re: How to determine passphrase entropy?

On May 26, 7:16 am, Phoenix <ribeiroa...@xxxxxxxxx> wrote:
On 24 Maio, 22:58, Mok-Kong Shen <mok-kong.s...@xxxxxxxxxxx> wrote:

If there is not "entropy of a password", could there be "entropy of a
message in general"?

Yes

I am afraid that the existence non-existence

of both are somehow tightly related.

No

See an example:

Plaintext/message  = "aaaaaaaaaaaaaaaaaaaaaaa......
Ciphertext = Hight quality entropy and outher statiscal values

The entropy value for the cipher text, depends on the algorithm.

Eh? It depends on the set of possible algorithms
and the probability distribution for choosing an algorithm from that
set.

If the algorithm is ROT13 and I know that the algorithm is ROT13
and I know the plaintext then the entropy in the ciphertext is
zero.

If the algorithm is AES-256 and I know the algorithm is AES-256
and I know the plaintext and key then again, the entropy in the
ciphertext is zero.

In some sense, if I look at the ciphertext and see what it is then
the entropy of that ciphertext is zero. It is what it is. With
probability 100%.

On the other hand, I can look at the ciphertext as one possible
ciphertext out of all the possible ciphertexts that could have
been generated if the algorithm was unknown but chosen from
some knowable distribution. I could do this while holding
plaintext and key constant.

In this sense, the "entropy of this particular ciphertext" can be
taken as the negative log of the probability that this particular
ciphertext would result from encoding the fixed plaintext with
the fixed key using a randomly selected algorithm.

The average entropy is given by the classical formula:

sum {p(c) * -log(p(c)} over all possible ciphertexts c

If you have a hundred possible algorithms, known plaintext
and known key and you have a 64 bit ciphertext, the average
entropy in the ciphertext is bounded by 7 bits, not 64.

That's _low_ quality entropy.
.