Re: How to determine passphrase entropy?
 From: jbriggs444 <jbriggs444@xxxxxxxxx>
 Date: Wed, 26 May 2010 09:33:22 0700 (PDT)
On May 26, 7:16 am, Phoenix <ribeiroa...@xxxxxxxxx> wrote:
On 24 Maio, 22:58, MokKong Shen <mokkong.s...@xxxxxxxxxxx> wrote:
If there is not "entropy of a password", could there be "entropy of a
message in general"?
Yes
I am afraid that the existence nonexistence
of both are somehow tightly related.
No
See an example:
key/Password/Passphrase = "aaaaaaaaaaaaaaaaaaaa"
Plaintext/message = "aaaaaaaaaaaaaaaaaaaaaaa......
Ciphertext = Hight quality entropy and outher statiscal values
The entropy value for the cipher text, depends on the algorithm.
Eh? It depends on the set of possible algorithms
and the probability distribution for choosing an algorithm from that
set.
If the algorithm is ROT13 and I know that the algorithm is ROT13
and I know the plaintext then the entropy in the ciphertext is
zero.
If the algorithm is AES256 and I know the algorithm is AES256
and I know the plaintext and key then again, the entropy in the
ciphertext is zero.
In some sense, if I look at the ciphertext and see what it is then
the entropy of that ciphertext is zero. It is what it is. With
probability 100%.
On the other hand, I can look at the ciphertext as one possible
ciphertext out of all the possible ciphertexts that could have
been generated if the algorithm was unknown but chosen from
some knowable distribution. I could do this while holding
plaintext and key constant.
In this sense, the "entropy of this particular ciphertext" can be
taken as the negative log of the probability that this particular
ciphertext would result from encoding the fixed plaintext with
the fixed key using a randomly selected algorithm.
The average entropy is given by the classical formula:
sum {p(c) * log(p(c)} over all possible ciphertexts c
If you have a hundred possible algorithms, known plaintext
and known key and you have a 64 bit ciphertext, the average
entropy in the ciphertext is bounded by 7 bits, not 64.
That's _low_ quality entropy.
.
 FollowUps:
 Re: How to determine passphrase entropy?
 From: MokKong Shen
 Re: How to determine passphrase entropy?
 References:
 How to determine passphrase entropy?
 From: Nomen Nescio
 Re: How to determine passphrase entropy?
 From: Joseph Ashwood
 Re: How to determine passphrase entropy?
 From: Paul Rubin
 Re: How to determine passphrase entropy?
 From: unruh
 Re: How to determine passphrase entropy?
 From: MokKong Shen
 Re: How to determine passphrase entropy?
 From: Phoenix
 How to determine passphrase entropy?
 Prev by Date: Re: How to determine passphrase entropy?
 Next by Date: Re: How to determine passphrase entropy?
 Previous by thread: Re: How to determine passphrase entropy?
 Next by thread: Re: How to determine passphrase entropy?
 Index(es):
Relevant Pages
