Re: How to determine passphrase entropy?



On May 26, 7:16 am, Phoenix <ribeiroa...@xxxxxxxxx> wrote:
On 24 Maio, 22:58, Mok-Kong Shen <mok-kong.s...@xxxxxxxxxxx> wrote:

If there is not "entropy of a password", could there be "entropy of a
message in general"?

Yes

I am afraid that the existence non-existence

of both are somehow tightly related.

No

See an example:

key/Password/Passphrase = "aaaaaaaaaaaaaaaaaaaa"
Plaintext/message  = "aaaaaaaaaaaaaaaaaaaaaaa......
Ciphertext = Hight quality entropy and outher statiscal values

The entropy value for the cipher text, depends on the algorithm.

Eh? It depends on the set of possible algorithms
and the probability distribution for choosing an algorithm from that
set.

If the algorithm is ROT13 and I know that the algorithm is ROT13
and I know the plaintext then the entropy in the ciphertext is
zero.

If the algorithm is AES-256 and I know the algorithm is AES-256
and I know the plaintext and key then again, the entropy in the
ciphertext is zero.

In some sense, if I look at the ciphertext and see what it is then
the entropy of that ciphertext is zero. It is what it is. With
probability 100%.

On the other hand, I can look at the ciphertext as one possible
ciphertext out of all the possible ciphertexts that could have
been generated if the algorithm was unknown but chosen from
some knowable distribution. I could do this while holding
plaintext and key constant.

In this sense, the "entropy of this particular ciphertext" can be
taken as the negative log of the probability that this particular
ciphertext would result from encoding the fixed plaintext with
the fixed key using a randomly selected algorithm.

The average entropy is given by the classical formula:

sum {p(c) * -log(p(c)} over all possible ciphertexts c

If you have a hundred possible algorithms, known plaintext
and known key and you have a 64 bit ciphertext, the average
entropy in the ciphertext is bounded by 7 bits, not 64.

That's _low_ quality entropy.
.



Relevant Pages

  • Re: Encrypting random plaintests
    ... what the redundancy Rof the plaintext, the entropy Hof the ... encrypting a plaintext with R- for example, ... bits - every ciphertext block will be the same. ... transformation ensures indistinguishability ...
    (sci.crypt)
  • Re: True Random Number Generator
    ... is possible to guess the plaintext. ... I suppose the security of an OTP is pretty closely ... it will have less entropy than anything else (except ... the ciphertext that provides security, ...
    (sci.crypt)
  • Re: True Random Number Generator
    ... add more than 128 Shannons of entropy to the data. ... text is inversely related to the entropy density of the language. ... As to the issue of perfect security, I suppose that what is in any ... understand it) is that if a ciphertext doesn't have full entropy, ...
    (sci.crypt)
  • =?windows-1252?Q?Re=3A_Random_Keysets_are_not_=93Generated=94_per_se=2E?=
    ... logic of the encryption algorithm that is going to use them. ... maps directly to the plaintext item in hand. ... ciphertext item to a growing external file of other ciphertext. ...
    (sci.crypt)
  • Re: Encrypting random plaintests
    ... Goal is random plaintext strings. ... what the redundancy Rof the plaintext, the entropy Hof the ... bits - every ciphertext block will be the same. ...
    (sci.crypt)