How to determine passphrase entropy?
in [Cryptography]
|
From: Mok-Kong Shen on 26 May 2010 13:00 Maaartin wrote: > Mok-Kong Shen wrote: >> The concept of entropy (in information theory, CS) goes back to Shannon. >> Could you point out where Shannon mentions the dependence on >> "algorithms" in his works. Or is that your novel "insight"? > > I don't know his work, but it's just logical. Put very informally, the > entropy *here* is the amount of information you gain when you obtain > the ciphertext, which is here a function of known plaintext and known > key and unknown cipher. The only missing piece of information is the > cipher, with one of 128 ciphers selected uniformly at random it makes > 7 bits. Wouldn't you perhaps also have to take into consideration ciphers that have not yet been invented in this context? Anyway, I am not convinced, if no concrete reference to Shannon could be given. M. K. Shen
From: Bryan on 26 May 2010 13:45 Mok-Kong Shen wrote: > But that clearly indicated that the question I asked isn't after that > trivial as you claimed, right? Now you're just making stuff up. Shannon's concept of entropy is not trivial. > BTW, Mr. Olson, I have finanally clearly to ask you a question? Why do > you "bother" to question my (poor) knowledge etc. Let's check who brought up your "(poor) knowledge" -- oh look -- *you* did, Mr. Shen. > instead of looking > into the substance of what I post. If you consider that's all rubbish, > then the best way is to ignore that I've answered that many times. The problem with your posts is that you've learned to imitate the tone of scientific discussion. Consider the damage you could do if a newbie takes your nonsense seriously. > (and I recommended more than once > people to put me on their kill-file, if they don't like my posts). That's not how kill-files work. You control *your* kill-file. Other people's kill-files are none of your business. > For, if you are intellignet engough, you must have known by now that > your continued endeavours to stop my posting wouldn't work and > therefore you are only wasting the bandwidth of the group and more > importantly your own precious time with your personal attacks. Your posts can serve as a cautionary tale. -- --Bryan
From: Mok-Kong Shen on 26 May 2010 15:48 Bryan wrote: > Mok-Kong Shen wrote: >> But that clearly indicated that the question I asked isn't after that >> trivial as you claimed, right? > > Now you're just making stuff up. Shannon's concept of entropy is not > trivial. > >> BTW, Mr. Olson, I have finanally clearly to ask you a question? Why do >> you "bother" to question my (poor) knowledge etc. > > Let's check who brought up your "(poor) knowledge" -- oh look -- *you* > did, Mr. Shen. > >> instead of looking >> into the substance of what I post. If you consider that's all rubbish, >> then the best way is to ignore that > > I've answered that many times. The problem with your posts is that > you've learned to imitate the tone of scientific discussion. Consider > the damage you could do if a newbie takes your nonsense seriously. > >> (and I recommended more than once >> people to put me on their kill-file, if they don't like my posts). > > That's not how kill-files work. You control *your* kill-file. Other > people's kill-files are none of your business. > >> For, if you are intellignet engough, you must have known by now that >> your continued endeavours to stop my posting wouldn't work and >> therefore you are only wasting the bandwidth of the group and more >> importantly your own precious time with your personal attacks. > > Your posts can serve as a cautionary tale. Enough of your mean personal attacks!!! As said, I recommended you to put me in your kill-file. It's of course your freedom, whether you'll do that or not is outside my realm of influence. But I'll now put you in my kill-file. In fact you are the 2nd person in that file. Sorry that with that measure of mine your scientific arguments, if any, would "also" not be seen and answered by me in the future. You could spend as much time and energy to continue to do personal attacks on me as you like. That's not my problem! I see though my action to be the "only" effective way on my side to ("hopefully") reduce the waste of bandwidth that comes from your side. M. K. Shen
From: WTShaw on 27 May 2010 02:22
On May 23, 10:26 am, Nomen Nescio <nob...(a)dizum.com> wrote: > Hi, > > If we consider a password of n characters, given the user will probably > likely enter only alpha characters and numbers and a small set of > characters like @#$ etc. how do we calculate the actual entropy of the > password? Thanks. Personal security in crypto relies on knowledge of the processes involved whereas any process that just fools most people is not worth much. Some process, rather complicated, might leave all behind except those that are most familiar with it including how it works. The essence is that minimal security is probably the most that the most can handle and keener stuff is rather likely to be esoteric in principle. Concepts of randomness and entropy are more philosophical and subjective, qualitative rather than quantitative. Just trying to calculate them as objective for a mathematician is like figuring how many angels can dance on the head of a pin for the religious; more is more and less is less. |