Educause Security Discussion mailing list archives
Re: Password entropy
From: Robert Kerr <r.kerr () CRANFIELD AC UK>
Date: Mon, 24 Jul 2006 14:17:22 +0100
On Sun, 2006-07-23 at 16:52 -0400, Valdis Kletnieks wrote:
A bit of thought will reveal a lot of other 2 and 3 character combinations that are a lot more common ('ing', etc...). The end result is that running English text averages about 2.5 to 3 bits of entropy per character, and even skript kiddie 'l33t sp33k' and that obfuscated spam stuff is probably still under 4 bits/character (I'll go out on a limb and hypothesis that if it's trying to pass itself off as English, and has over 3.5 bits/char of entropy, it's been too obfuscated to be easily readable....)
A quite interesting demonstation of this concept can be found online: http://math.ucsd.edu/~crypto/java/ENTROPY/ It's surprising to see how many letter you can guess first time. -- Robert Kerr
Current thread:
- Re: Password entropy, (continued)
- Re: Password entropy Harold Winshel (Jul 20)
- Re: Password entropy Graham Toal (Jul 21)
- Re: Password entropy Roger Safian (Jul 21)
- Re: Password entropy Valdis Kletnieks (Jul 23)
- Re: Password entropy Roger Safian (Jul 23)
- Re: Password entropy Roger Safian (Jul 23)
- Re: Password entropy Paul Russell (Jul 23)
- Re: Password entropy James H Moore (Jul 23)
- Re: Password entropy Valdis Kletnieks (Jul 23)
- Re: Password entropy Harold Winshel (Jul 24)
- Re: Password entropy Robert Kerr (Jul 24)
- Re: Password entropy Graham Toal (Jul 24)
- Re: Password entropy Roger Safian (Jul 24)
- Re: Password entropy Graham Toal (Jul 24)
- Re: Password entropy Valdis Kletnieks (Jul 24)
- Re: Password entropy Basgen, Brian (Jul 24)
- Re: Password entropy Roger Safian (Jul 24)
- Re: Password entropy Harold Winshel (Jul 24)
- Re: Password entropy Jimmy Kuo (Jul 24)
- Re: Password entropy Valdis Kletnieks (Jul 24)
- Re: Password entropy Roger Safian (Jul 25)
(Thread continues...)