From: George Orwell on 23 May 2010 17:23

> > Hi,
> >
> > If we consider a password of n characters, given the user will probably
> > likely enter only alpha characters and numbers and a small set of
> > characters like @#$ etc. how do we calculate the actual entropy of the
> > password? Thanks.
>
> entropy is a relative number, it depends on the set and selection
> process. For example, if the attacker happens to know that the password
> used has a special meaning for the user, then the entropy is 0.
> If you assume that the letters, characters, numbers used are used
> according to their distribution in Shakespeare, you get another number.
> If you assume that the pairs of letters (q is always followed by u for
> example) still another one. There is no "entropy of the password".
> It also depends on the attacker and his procedure for doing an
> exhaustive search on the password. That is the only true measure, and of
> course, unless you know the attacker, impossible to know. So you guess,
> and your guess will be different from mine.

Let's suppose the set is alpha characters, digits, and 12 characters like the ones from the top row of keys on your keyboard. Let's suppose the password is n characters long and doesn't have to be a word, any combination. I'm new to this and this isn't a trick question or if it is it's not intentional. I'm trying to learn how this works. Can anybody give me an idea? Just based on the simple example I asked about.....
From: unruh on 23 May 2010 18:47

On 2010-05-23, George Orwell <nobody(a)mixmaster.it> wrote:
>> > Hi,
>> >
>> > If we consider a password of n characters, given the user will probably
>> > likely enter only alpha characters and numbers and a small set of
>> > characters like @#$ etc. how do we calculate the actual entropy of the
>> > password? Thanks.
>>
>> entropy is a relative number, it depends on the set and selection
>> process. For example, if the attacker happens to know that the password
>> used has a special meaning for the user, then the entropy is 0.
>> If you assume that the letters, characters, numbers used are used
>> according to their distribution in Shakespeare, you get another number.
>> If you assume that the pairs of letters (q is always followed by u for
>> example) still another one. There is no "entropy of the password".
>> It also depends on the attacker and his procedure for doing an
>> exhaustive search on the password. That is the only true measure, and of
>> course, unless you know the attacker, impossible to know. So you guess,
>> and your guess will be different from mine.
>
> Let's suppose the set is alpha characters, digits, and 12 characters like
> the ones from the top row of keys on your keyboard. Let's suppose the
> password is n characters long and doesn't have to be a word, any
> combination. I'm new to this and this isn't a trick question or if it is
> it's not intentional. I'm trying to learn how this works. Can anybody give
> me an idea? Just based on the simple example I asked about.....

If you want to be incredibly naive, and assume that the person (and the attacker) randomly (without bias) chooses each character from the 74 characters you specified (26 LC, 26 UC, 10 numbers and 12 characters), then the number of combinations of N letters is 74^N, or 2^(6.2N) different passwords. Thus the "entropy" is 6.2N bits.

But of course nobody actually picks from those 74 characters at random and smart attackers know this and do not attack it by going through all 74^N possibilities. There are all kinds of psychological biases -- lowercase letters more prevalent than upper case, which are more prevalent than numbers which are more prevalent than the special characters. And a good search will be biased in that way. dzP8 will be rarer than daly say. But at this point figuring out what the entropy of a given password is, given the biases in the searches, and in people's choices becomes very very difficult. Thus for example, using your name Orwell would in theory be as rare as any other 6 letter word, 6.4*6 = 38 bits of entropy, but it is clearly not. Given that it is your name (well let's pretend) its entropy is probably of the order of 4 or 5 bits, not 38 bits. As I said, entropy is a relative concept.
From: Paul Rubin on 24 May 2010 00:16

Nomen Nescio <nobody(a)dizum.com> writes:
> If we consider a password of n characters, given the user will probably
> likely enter only alpha characters and numbers and a small set of
> characters like @#$ etc. how do we calculate the actual entropy of the
> password? Thanks.

If you mean a password supplied by the user, it is drawn from an unknown distribution so there is no way for a program to compute or estimate the entropy. If you want a password with known entropy, you have to generate it from a known distribution (i.e. with an RNG) and assign it to the user.
From: Joseph Ashwood on 24 May 2010 03:15

"Nomen Nescio" <nobody(a)dizum.com> wrote in message news:d43942f964b20a8fc183f1ed16cb4c2d(a)dizum.com...
> If we consider a password of n characters, given the user will probably
> likely enter only alpha characters and numbers and a small set of
> characters like @#$ etc. how do we calculate the actual entropy of the
> password? Thanks.

While a perfect number is impossible, if you have a large enough set of users you can check the passwords against each other, this gives a distribution for general purposes. Enough samples and you can get an estimate of the real entropy of the password. With the list of compromised passwords available from a few locations I immediately see much connection between entropy and length (most common password 6 characters "123456", second 8 characters "password"). Won't give an accurate answer until you get unlimited samples, but should allow for a reasonably close approximation.

Joe
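As an added illustration (not code posted by anyone in the thread), the following Python script computes the three estimates discussed above for the same passwords: the naive uniform 74^N figure from unruh's reply, and the per-character and per-password Shannon entropies of a sample in the spirit of Joseph Ashwood's suggestion. The exact 12 top-row symbols and the sample passwords are constructed assumptions.

```python
import math
from collections import Counter
from typing import Iterable

# Character set as described in the thread: 26 lowercase, 26 uppercase,
# 10 digits and 12 top-row symbols (the exact 12 symbols are an assumption).
CHARSET = (
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "0123456789"
    "!@#$%^&*()_+"
)


def naive_entropy_bits(charset_size: int, length: int) -> float:
    """Uniform-choice estimate from the thread: 74^N passwords, N*log2(74) bits."""
    return length * math.log2(charset_size)


def shannon_entropy_bits(counts: Counter) -> float:
    """Shannon entropy H = -sum(p * log2 p) of an empirical distribution."""
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def per_char_entropy_bits(passwords: Iterable[str]) -> float:
    """Bits per character, estimated from observed character frequencies."""
    return shannon_entropy_bits(Counter("".join(passwords)))


def per_password_entropy_bits(passwords: Iterable[str]) -> float:
    """Entropy of the whole-password distribution, estimated from a sample."""
    return shannon_entropy_bits(Counter(passwords))


# Constructed sample (not real data), skewed the way the thread describes:
# lowercase dominates and "123456" / "password" are the most common choices.
SAMPLE = ["123456"] * 5 + ["password"] * 3 + [
    "dzP8xq", "daly12", "orwell", "Orwell1",
    "letmein", "qwerty", "abc123", "iloveyou",
]

if __name__ == "__main__":
    print(f"uniform 74^6:          {naive_entropy_bits(len(CHARSET), 6):.2f} bits")
    print(f"per char (sample):     {per_char_entropy_bits(SAMPLE):.2f} bits, "
          f"vs {math.log2(len(CHARSET)):.2f} if uniform")
    print(f"per password (sample): {per_password_entropy_bits(SAMPLE):.2f} bits, "
          f"vs {math.log2(len(SAMPLE)):.2f} if all 16 were distinct")
```

Each function answers a different question about the same data, which is the point unruh makes: the number you get depends on the distribution you assume, not on the password alone.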
From: Paul Rubin on 24 May 2010 03:57
"Joseph Ashwood" <ashwood(a)msn.com> writes:
> While a perfect number is impossible, if you have a large enough set
> of users you can check the passwords against each other, this gives a
> distribution for general purposes.

That doesn't make any sense. Each person picks a password from their own distribution. You can't usefully treat them as being drawn from one monstrous distribution. There's a bunch of cheesy tests you can use to filter out obviously bad passwords, but in the end if you're running a high-security application, you simply can't rely on passwords for authentication. If you're running a casual web forum or the like, you don't have to worry too much about password entropy.

Also, checking passwords against each other isn't so good since it means you're storing them as unsalted hashes or even in the clear.