From: Nomen Nescio on
Hi,

If we consider a password of n characters, given the user will probably
likely enter only alpha characters and numbers and a small set of
characters like @#$ etc. how do we calculate the actual entropy of the
password? Thanks.

From: amzoti on
On May 23, 8:26 am, Nomen Nescio <nob...(a)dizum.com> wrote:
> Hi,
>
> If we consider a password of n characters, given the user will probably
> likely enter only alpha characters and numbers and a small set of
> characters like @#$ etc. how do we calculate the actual entropy of the
> password? Thanks.

See the bottom of: http://en.wikipedia.org/wiki/Password_strength

Also - see this NIST excel spreadsheet that does this.

NIST SP 800-63 password policy compliance checker (Excel spreadsheet):
www.chrisnowell.com/.../NIST%20SP%20800-63%20password%20checker.xls
"Many password policies (including those based on the NIST Special
Publication 800-63) use the concept of "entropy" to determine password
length and ..."
From: amzoti on
On May 23, 8:26 am, Nomen Nescio <nob...(a)dizum.com> wrote:
> Hi,
>
> If we consider a password of n characters, given the user will probably
> likely enter only alpha characters and numbers and a small set of
> characters like @#$ etc. how do we calculate the actual entropy of the
> password? Thanks.

See Appendix A, but download the Excel spreadsheet I sent earlier.

http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
From: unruh on
On 2010-05-23, Nomen Nescio <nobody(a)dizum.com> wrote:
> Hi,
>
> If we consider a password of n characters, given the user will probably
> likely enter only alpha characters and numbers and a small set of
> characters like @#$ etc. how do we calculate the actual entropy of the
> password? Thanks.

Entropy is a relative number; it depends on the set and selection
process. For example, if the attacker happens to know that the password
used has a special meaning for the user, then the entropy is 0.
If you assume that the letters, characters, numbers used are used
according to their distribution in Shakespeare, you get another number.
If you assume that pairs of letters follow that distribution too (q is
always followed by u, for example), you get still another one. There is
no "entropy of the password".
It also depends on the attacker and his procedure for doing an
exhaustive search on the password. That is the only true measure, and of
course, unless you know the attacker, impossible to know. So you guess,
and your guess will be different from mine.

From: Gordon Burditt on
>If we consider a password of n characters, given the user will probably
>likely enter only alpha characters and numbers and a small set of
>characters like @#$ etc. how do we calculate the actual entropy of the
>password? Thanks.

If the user chooses at random from z equally likely possible
passwords, say, by rolling dice, the number of bits of entropy
represented in the password is log2(z), where log2() is the logarithm
base 2 function. This can also be written as log(z)/log(2), where
log() is a logarithm in any base but you have to use the same base
for both log() functions in the formula.

Examples:
random decimal digit (10 choices) = 3.32 bits.
random hexadecimal digit (16 choices) = 4.00 bits.
random alphabetic lower-case letter (26 choices) = 4.7 bits.
random alphanumeric letter (both cases and digits) (62 choices) = 5.95 bits.
If you choose a word at random from a 1,000-word word list, that
represents 9.97 bits of entropy.

For passwords n characters (or words) long with characters (or
words) chosen from the same set, you can use the formula:

log(z**n) = n*log(z)

so, for example, a 10-character alphabetic lower-case password has
10*4.7 = 47 bits of entropy. A 12-digit random hexadecimal number
has 12 * 4 = 48 bits of entropy. A 5-word phrase with words chosen randomly
from a 1000-word list has 5*9.97 = 49.85 bits of entropy.


If the choices are not equally likely (a big problem when users
just "think up" a password), the formula gets more complicated, or
perhaps you can't model the user's password generation process at
all.
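The two models discussed in this thread side by side, as an added example that is not part of any post above: Gordon Burditt's uniform-choice formula n*log2(z), and unruh's point that a skewed character distribution gives a different (lower) number. The skewed model here is a first-order Shannon entropy over single-character frequencies; it does not model letter pairs. The sample text is constructed for illustration and is not real corpus data.

```python
import math
from collections import Counter


def uniform_entropy_bits(choices: int, length: int = 1) -> float:
    """Entropy in bits of `length` symbols, each drawn uniformly and
    independently from `choices` equally likely symbols: length * log2(choices).
    This is the dice-rolling case from the thread."""
    if choices < 1 or length < 0:
        raise ValueError("choices must be >= 1 and length >= 0")
    return length * math.log2(choices)


def shannon_entropy_per_symbol(sample: str) -> float:
    """Shannon entropy H = -sum p(c) * log2 p(c) of the character frequencies
    observed in `sample`. Models a user who picks characters with the same
    skewed distribution as the sample instead of uniformly. H is always
    <= log2(number of distinct symbols), with equality only when uniform."""
    if not sample:
        raise ValueError("sample must be non-empty")
    counts = Counter(sample)
    total = len(sample)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def entropy_comparison(sample: str, length: int) -> dict:
    """Compare the uniform estimate with the frequency-weighted estimate for a
    password of `length` characters drawn from the alphabet seen in `sample`.
    Both estimates assume characters are chosen independently."""
    distinct = len(set(sample))
    per_symbol = shannon_entropy_per_symbol(sample)
    return {
        "alphabet_size": distinct,
        "uniform_bits": uniform_entropy_bits(distinct, length),
        "skewed_bits": length * per_symbol,
        "bits_lost_per_char": math.log2(distinct) - per_symbol,
    }


# Constructed sample (not real data): all 26 lower-case letters appear, but
# with a deliberately skewed frequency so the Shannon estimate drops below
# the uniform log2(26) = 4.70 bits per character.
SAMPLE_TEXT = (
    "eeeeeeeeeeee" "ttttttttt" "aaaaaaa" "oooooo" "iiiii" "nnnnn"
    "ssss" "hhh" "rr" "dlcumwfgypbvkjxqz"
)

if __name__ == "__main__":
    # The worked numbers from the thread.
    for z, label in [(10, "decimal digit"), (16, "hex digit"),
                     (26, "lower-case letter"), (62, "alphanumeric"),
                     (1000, "word from 1000-word list")]:
        print(f"{label:28s}: {uniform_entropy_bits(z):.2f} bits")
    print(f"10 lower-case letters: {uniform_entropy_bits(26, 10):.1f} bits")
    print(f"12 hex digits:         {uniform_entropy_bits(16, 12):.1f} bits")
    print(f"5 words of 1000:       {uniform_entropy_bits(1000, 5):.2f} bits")
    # Same alphabet, two different models, two different answers.
    print(entropy_comparison(SAMPLE_TEXT, 10))
```

The comparison shows why the question has no single answer: the same 10-character lower-case password is worth about 47 bits against an attacker who assumes uniform choice, and noticeably less against one who searches in frequency order. Neither figure measures the attacker's actual procedure, which is the number that matters.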