# Re: How to determine passphrase entropy?

- *From*: jbriggs444 <jbriggs444@xxxxxxxxx>
- *Date*: Wed, 26 May 2010 09:33:22 -0700 (PDT)

On May 26, 7:16 am, Phoenix <ribeiroa...@xxxxxxxxx> wrote:

> On 24 May, 22:58, Mok-Kong Shen <mok-kong.s...@xxxxxxxxxxx> wrote:
>
> > If there is not "entropy of a password", could there be "entropy of a message in general"?
>
> Yes
>
> > I am afraid that the existence/non-existence of both are somehow tightly related.
>
> No
>
> See an example:
>
> key/Password/Passphrase = "aaaaaaaaaaaaaaaaaaaa"
>
> Plaintext/message = "aaaaaaaaaaaaaaaaaaaaaaa......
>
> Ciphertext = High quality entropy and other statistical values
>
> The entropy value for the cipher text depends on the algorithm.

Eh? It depends on the set of possible algorithms and the probability distribution for choosing an algorithm from that set.

If the algorithm is ROT13 and I know that the algorithm is ROT13 and I know the plaintext then the entropy in the ciphertext is zero.

If the algorithm is AES-256 and I know the algorithm is AES-256 and I know the plaintext and key then again, the entropy in the ciphertext is zero.

In some sense, if I look at the ciphertext and see what it is then the entropy of that ciphertext is zero. It is what it is. With probability 100%.

On the other hand, I can look at the ciphertext as one possible ciphertext out of all the possible ciphertexts that could have been generated if the algorithm was unknown but chosen from some knowable distribution. I could do this while holding plaintext and key constant.

In this sense, the "entropy of this particular ciphertext" can be taken as the negative log of the probability that this particular ciphertext would result from encoding the fixed plaintext with the fixed key using a randomly selected algorithm.

The average entropy is given by the classical formula:

sum {p(c) * -log(p(c))} over all possible ciphertexts c

If you have a hundred possible algorithms, known plaintext and known key and you have a 64 bit ciphertext, the average entropy in the ciphertext is bounded by 7 bits, not 64.

That's _low_ quality entropy.
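An added example, not part of the original post: it computes the surprisal and average entropy described in the message above for a fixed plaintext and key, for a single known algorithm and for 100 candidate algorithms, and goes slightly beyond the post by also showing a skewed choice of algorithm. The names `toy_algorithm`, `ciphertext_distribution`, `surprisal_bits` and `average_entropy_bits` are hypothetical, the 100 "algorithms" are constructed stand-ins (truncated SHA-256 with the index as input), and the sample plaintext and key are constructed.

```python
import codecs
import hashlib
import math
from collections import defaultdict

PLAINTEXT = "a" * 23  # constructed sample: fixed, known plaintext
KEY = "a" * 20        # constructed sample: fixed, known key

def rot13(plaintext, key):
    return codecs.encode(plaintext, "rot_13")  # ROT13 ignores the key

def toy_algorithm(i):
    """Hypothetical stand-in for 'algorithm number i' with a 64-bit output."""
    def encrypt(plaintext, key):
        data = f"{i}|{key}|{plaintext}".encode()
        return hashlib.sha256(data).hexdigest()[:16]  # 16 hex chars = 64 bits
    return encrypt

def ciphertext_distribution(weighted_algorithms, plaintext, key):
    """Map each ciphertext c to p(c); algorithms that collide pool their mass."""
    dist = defaultdict(float)
    for prob, algorithm in weighted_algorithms:
        dist[algorithm(plaintext, key)] += prob
    return dict(dist)

def surprisal_bits(dist, c):
    """-log2 p(c): the entropy assigned to one particular ciphertext."""
    return -math.log2(dist[c])

def average_entropy_bits(dist):
    """Sum over all ciphertexts c of p(c) * -log2 p(c)."""
    return sum(p * -math.log2(p) for p in dist.values())

def known_algorithm():
    return ciphertext_distribution([(1.0, rot13)], PLAINTEXT, KEY)

def hundred_uniform():
    algs = [(1 / 100, toy_algorithm(i)) for i in range(100)]
    return ciphertext_distribution(algs, PLAINTEXT, KEY)

def hundred_skewed():
    # Algorithm 0 is picked 90% of the time; the other 99 share the rest.
    algs = [(0.9, toy_algorithm(0))]
    algs += [(0.1 / 99, toy_algorithm(i)) for i in range(1, 100)]
    return ciphertext_distribution(algs, PLAINTEXT, KEY)

if __name__ == "__main__":
    for make in (known_algorithm, hundred_uniform, hundred_skewed):
        print(f"{make.__name__}: {average_entropy_bits(make()):.3f} bits")
```

The uniform case reaches log2(100) bits, which is the most any choice among 100 algorithms can contribute, however long the ciphertext is; the skewed case falls well below that.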
