![]() ![]() But, different people will asses different probabilities because they have different knowledge. An alternative formulation is the Shannon Entropy formula, which makes the relationship to probabilities clearer. The formula you are using above is the Boltzman Entropy formula. Entropy is a measure of Uncertainty, and different people have different uncertainties because they have different knowledge. Entropy is not "absolute" and different people will not necessarily agree on entropy and thats okay. Also, XKCD is always applicable when it comes to these sorts of things. If you use lots of randomness then you have a high entropy password and it is secure even if someone knows how you make your passwords.Įntropy calculators make assumptions about how the passwords were generated, and therefore they can both disagree with each other and also be wildly wrong. If you use some rules to generate a password for each site then your passwords might not have any entropy at all, which means that anyone who knows your rules knows your passwords. Entropy is determined not by what the password looks like but by how it is generated. This is an extreme example but I hope it gets the point across. Therefore the reality is that there is no entropy in my password at all, and anyone who knows how I generate my passwords will know what my password is to every site I log in as. However, looking at that, someone might suspect that my password isn't really random at all and might realize that it is just the rot13 transformation of site name + my name. It doesn't contain numbers, but taking a simple calculation you might guess an entropy of 216 bits of entropy - far more than a typical password needs these days (38 characters with a mix of upper and lower case gives 52^38 ≈ 2^216). Imagine that my password was .Īn entropy checker will probably rate that with a high amount of entropy because it contains no words and is long. An extreme example is usually the best way to show what I mean. Therefore, part of why different entropy checkers will disagree is because the entropy is a measure of how the password was generated, not what the password contains. Something important to keep in mind is that entropy of course is, in essence, "the amount of randomness" in the password. Orgīuilding the global movement for the protection of privacy.įound this post from stackexchange that pretty much sums up the answer Related Subreddits:Ĭonsider donating to one of the organizations that fight for your rights. u/blackhawk_12 Subreddit Rules and Wikiīefore posting in /r/privacy, read the Sidebar Rules.Įnjoy our Wiki! It has all sorts of nifty advice and explains most topics you’re interested in if you’re reading this. "I don't have anything to hide but I don't have anything I want to show you either" Dedicated to the intersection of technology, privacy, and freedom in the digital world. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |