Questions tagged [entropy]
In computing, entropy is the randomness collected by an operating system or application for use in cryptography or for other purposes that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators.
260 questions
-1 votes | 1 answer | 225 views
How much does it cost to break a strong password? [duplicate]
This is from a coffee discussion.
The enterprise policy is to use a password with an entropic score of 80 (on keepass).
The discussion was about what the cost would be (time/money/knowledge) to break ...
3 votes | 8 answers | 2k views
Passphrase entropy calculation, Wikipedia version
I've been looking at entropy calculations for passphrases, in the context of estimating how long an attacker would take to guess that passphrase.
On the way, I passed through the Wikipedia article on ...
1 vote | 0 answers | 96 views
Doubts About Whether 128-bit Entropy is Secure Enough [duplicate]
I've read a lot of materials (including other related questions on this site) and seen many people lay out the mathematical formulas. I have a decent background in math, so I understand how long it ...
11 votes | 3 answers | 3k views
Determining Entropy in PHP
I am using the following code in my code to send a password reset token to a user.
$token = md5($user_id . time());
Why is this considered a bad approach, being cited as having weak entropy? The ...
1 vote | 0 answers | 106 views
How to generate high entropy from physical sources?
What could be the main sources for strong noise generation for an AVR128DA64, so that the obtained entropy approaches or even equals 128 bits? I'm interested in good sources of physical entropy.
15 votes | 4 answers | 6k views
Security of a non-random password that relies on information an attacker cannot possibly know
I am trying to determine whether a non-random password that relies on information an attacker cannot possibly know can be secure.
For example, let’s say that I generate my password by putting together ...
7 votes | 4 answers | 9k views
Is a randomly generated 80-bit password strong enough nowadays?
Theoretical question - Say we have a randomly generated password with 80-bit entropy, stored as a single-round, unsalted SHA256 hash. For a determined attacker with current (2024) technology, what ...
2 votes | 0 answers | 238 views
Why does Bluetooth Low Energy Secure Connections with Passkey Entry check the Passkey bit by bit?
If we want to enable an authenticated connection via BLE, the passkey method seems like a good idea. A 6-digit PIN is generated randomly on one device and has to be entered on the other - these 20 Bit ...
0 votes | 2 answers | 550 views
XKCD #936 Why not both?
This "correct horse battery staple" XKCD comic #936 was a topic discussed here already. However, I saw no one suggesting combining the second method of using dictionary words with an "...
0 votes | 2 answers | 273 views
Is there any good way of calculating a brain-generated password's entropy?
After reading this post, I understand that a password's entropy depends on the assumptions made when it is to be attacked (e.g. if it is generated randomly from a list of 2048 words, etc.).
Let's ...
2 votes | 2 answers | 369 views
Why do entropies of passwords significantly differ from site to site?
I read the infamous xkcd cartoon comparing two passwords and their strength. Curious whether their calculation was accurate, I searched many entropy calculators and plugged in the two examples from ...
0 votes | 3 answers | 269 views
How to analyze the security of a custom passphrase?
Let's assume person A chooses 15 words for a passphrase with an average length of 5. The passphrase meets the following conditions.
Word conditions:
The first word is not a valid word and can't be found ...
-1 votes | 1 answer | 377 views
How can you calculate the entropy of arbitrary password rules with known distributions? [duplicate]
Many online entropy calculators make certain assumptions (like assuming a password is as rare as the set of random characters that will generate it), or handwave away the math. I want to know how to ...
10 votes | 6 answers | 7k views
What is the best way to calculate true password entropy for human created passwords?
Okay, I know it might seem this has already been beaten to death but, hear me out. I am including a fairly good password strength algorithm for my app for users on sign-up. This one, which I've copied ...
1 vote | 1 answer | 524 views
Why does some Ransomware encrypt also the file header and trailer?
Some time ago I read an article that mentioned that it is possible for some ransomware to change the magic numbers of a file (that makes sense). However, the authors claimed that their method was ...