Educause Security Discussion mailing list archives

Re: Password entropy


From: Robert Kerr <r.kerr () CRANFIELD AC UK>
Date: Mon, 24 Jul 2006 14:17:22 +0100

On Sun, 2006-07-23 at 16:52 -0400, Valdis Kletnieks wrote:

> A bit of thought will reveal a lot of other 2 and 3 character combinations
> that are a lot more common ('ing', etc...).  The end result is that running
> English text averages about 2.5 to 3 bits of entropy per character, and
> even skript kiddie 'l33t sp33k' and that obfuscated spam stuff is probably
> still under 4 bits/character (I'll go out on a limb and hypothesize that
> if it's trying to pass itself off as English, and has over 3.5 bits/char
> of entropy, it's been too obfuscated to be easily readable....)

A quite interesting demonstration of this concept can be found online:

http://math.ucsd.edu/~crypto/java/ENTROPY/

It's surprising to see how many letters you can guess first time.

--
 Robert Kerr
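
The effect discussed in this message can be measured directly. The following is an added example, not part of the original post or of the linked demo: it estimates bits per character given 0, 1 and 2 characters of preceding context, and the share of characters a frequency-based guesser gets right first time. The sample text and all function names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample text (not from the thread); lower-case letters and spaces only.
SAMPLE = (
    "the end result is that running english text is far more predictable "
    "than a string of random characters because some letters and some "
    "short combinations of letters turn up much more often than others "
    "and a reader who knows the language can often guess the next letter "
    "on the first try which is the whole point of the guessing game"
)

def context_counts(text, order):
    """Map each `order`-character context to a Counter of the characters that follow it."""
    table = defaultdict(Counter)
    for i in range(order, len(text)):
        table[text[i - order:i]][text[i]] += 1
    return table

def conditional_entropy(text, order):
    """Plug-in estimate, in bits/char, of H(next char | previous `order` chars)."""
    table = context_counts(text, order)
    total = sum(sum(c.values()) for c in table.values())
    bits = 0.0
    for followers in table.values():
        n = sum(followers.values())
        for k in followers.values():
            bits -= (k / total) * math.log2(k / n)
    return bits

def first_guess_rate(text, order):
    """Fraction of characters that equal the most common follower of their context."""
    table = context_counts(text, order)
    total = sum(sum(c.values()) for c in table.values())
    return sum(max(c.values()) for c in table.values()) / total

if __name__ == "__main__":
    # In-sample estimates on a short text are biased low for longer contexts;
    # a large corpus is needed to approach real per-character figures.
    for order in (0, 1, 2):
        print(order, round(conditional_entropy(SAMPLE, order), 2),
              round(first_guess_rate(SAMPLE, order), 2))
```

For password policy, the per-character figure is what matters: the more of a passphrase an attacker's language model can predict from context, the fewer bits each additional character contributes.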
