Questions tagged [entropy]
In computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators.
260 questions
0 votes
0 answers
7 views
Gathering entropy at different times using a cycle counter [migrated]
For non-cryptographic purposes (which use a HWRNG instead), I implemented into a bare metal program a Xorshift* RNG (taken from [1], see below for implementation). The RNG is currently seeded with the ...
3 votes
8 answers
2k views
Passphrase entropy calculation, Wikipedia version
I've been looking at entropy calculations for passphrases, in the context of estimating how long an attacker would take to guess that passphrase. On the way, I passed through the Wikipedia article on ...
1 vote
0 answers
93 views
Doubts About Whether 128-bit Entropy is Secure Enough [duplicate]
I've read a lot of materials (including other related questions on this site) and seen many people lay out the mathematical formulas. I have a decent background in math, so I understand how long it ...
11 votes
3 answers
3k views
Determining Entropy in PHP
I am using the following code in my code to send a password reset token to a user: $token = md5($user_id . time()); Why is this considered a bad approach, being cited as having weak entropy? The ...
1 vote
0 answers
82 views
How to generate high entropy from physical sources?
What could be the main sources for strong noise generation for an AVR128DA64, so that the obtained entropy approaches or even equals 128 bits? I'm interested in good sources of physical entropy.
15 votes
4 answers
6k views
Security of a non-random password but that relies on information an attacker cannot possibly know
I am trying to figure out whether a non-random password that relies on information an attacker cannot possibly know can be secure. To give an example, let’s say that I generate my password by putting ...
7 votes
4 answers
9k views
Is a randomly generated 80-bit password strong enough nowadays?
Theoretical question - Say we have a randomly generated password with 80-bit entropy, stored as a single-round, unsalted SHA256 hash. For a determined attacker with current (2024) technology, what ...
2 votes
0 answers
194 views
Why does Bluetooth Low Energy Secure Connections with Passkey Entry check the Passkey bit by bit?
If we want to enable an authenticated connection via BLE the passkey method seems like a good idea. A 6-digit PIN is generated randomly on one device and has to be entered on the other - these 20 Bit ...
0 votes
2 answers
447 views
XKCD #936 Why not both?
This "correct horse battery staple" XKCD comic #936 was a topic discussed here already. However, I saw no one suggesting combining the second method of using dictionary words with an "...
0 votes
2 answers
229 views
Is there any good way of calculating a brain-generated password's entropy?
After reading this post, I understand that a password's entropy depends on the assumptions made when it is to be attacked (e.g. if it is generated randomly from a list of 2048 words, etc.). Let's ...
2 votes
2 answers
315 views
Why do entropies of passwords significantly differ from site to site?
I read the infamous xkcd cartoon comparing two passwords and their strength. Curious whether their calculation was accurate, I searched many entropy calculators and plugged in the two examples from ...
0 votes
3 answers
225 views
How to analyze the security of a custom passphrase?
Let's assume person A chooses 15 words for a passphrase with an average length of 5. The passphrase meets the following conditions. Word conditions: The first word is not a valid word and can't be found ...
-1 votes
1 answer
337 views
How can you calculate the entropy of arbitrary password rules with known distributions? [duplicate]
Many online entropy calculators make certain assumptions (like assuming a password is as rare as the set of random characters that will generate it), or handwave away the math. I want to know how to ...
10 votes
6 answers
7k views
What is the best way to calculate true password entropy for human created passwords?
Okay, I know it might seem this has already been beaten to death but, hear me out. I am including a fairly good password strength algorithm for my app for users on sign-up. This one, which I've copied ...
1 vote
1 answer
471 views
Why does some Ransomware encrypt also the file header and trailer?
Some time ago I read an article that mentioned that it is possible for some ransomware to change the magic numbers of a file (that makes sense). However, the authors claimed that their method was ...