Questions tagged [entropy]
In computing, entropy is the randomness collected by an operating system or application for use in cryptography or for other purposes that require random data. This randomness is often collected from hardware sources, either pre-existing ones such as mouse movements or specially provided randomness generators.
257 questions
1 vote, 0 answers, 67 views
How to generate high entropy from physical sources?
What could be the main sources for strong noise generation for an AVR128DA64, so that the obtained entropy approaches or even equals 128 bits? I'm interested in good sources of physical entropy.
15 votes, 4 answers, 6k views
Security of a non-random password but that relies on information an attacker cannot possibly know
I am trying to figure out whether a non-random password that relies on information an attacker cannot possibly know can be secure.
To give an example, let’s say that I generate my password by putting ...
7 votes, 4 answers, 9k views
Is a randomly generated 80-bit password strong enough nowadays?
Theoretical question - Say we have a randomly generated password with 80-bit entropy, stored as a single-round, unsalted SHA256 hash. For a determined attacker with current (2024) technology, what ...
2 votes, 0 answers, 127 views
Why does Bluetooth Low Energy Secure Connections with Passkey Entry check the Passkey bit by bit?
If we want to enable an authenticated connection via BLE the passkey method seems like a good idea. A 6-digit PIN is generated randomly on one device and has to be entered on the other - these 20 Bit ...
0 votes, 2 answers, 338 views
XKCD #936 Why not both?
This "correct horse battery staple" XKCD comic #936 was a topic discussed here already. However, I saw no one suggesting combining the second method of using dictionary words with an "...
0 votes, 0 answers, 181 views
How does user activity affect entropy generation process in GnuPG?
Earlier today, I was using gpg to generate keys for work. While doing so, I noticed:
We need to generate a lot of random bytes. It is a good idea to
perform some other action (type on the keyboard, ...
0 votes, 2 answers, 193 views
Is there any good way of calculating a brain-generated password's entropy?
After reading this post, I understand that a password's entropy depends on the assumptions made when it is to be attacked (e.g. if it is generated randomly from a list of 2048 words, etc.).
Let's ...
2 votes, 2 answers, 238 views
Why do entropies of passwords significantly differ from site to site?
I read the infamous xkcd cartoon comparing two passwords and their strength. Curious whether their calculation was accurate, I searched many entropy calculators and plugged in the two examples from ...
0 votes, 3 answers, 209 views
How to analyze the security of a custom passphrase?
Let's assume person A chooses 15 words for a passphrase with an average length of 5. The passphrase meets the following conditions.
Word conditions:
The first word is not a valid word and can't be found ...
-1 votes, 1 answer, 300 views
How can you calculate the entropy of arbitrary password rules with known distributions? [duplicate]
Many online entropy calculators make certain assumptions (like assuming a password is as rare as the set of random characters that will generate it), or handwave away the math. I want to know how to ...
10 votes, 6 answers, 6k views
What is the best way to calculate true password entropy for human created passwords?
Okay, I know it might seem this has already been beaten to death but, hear me out. I am including a fairly good password strength algorithm for my app for users on sign-up. This one, which I've copied ...
1 vote, 1 answer, 411 views
Why does some Ransomware encrypt also the file header and trailer?
Some time ago I read an article that mentioned that it is possible for some ransomware to change the magic numbers of a file (that makes sense). However, the authors claimed that their method was ...
25 votes, 6 answers, 9k views
Is a sha256 hash of a unix timestamp a strong password
I am setting up a postgres db that will never be used by humans. In fact, I really don't need to know it myself ever. I assumed that just using a 256-bit (64 alphanumeric chars) hash of a unix timestamp ...
1 vote, 0 answers, 143 views
Comparing HAVEGE and Jitter Entropy algorithms
How does the HAVEGE method (or rather, the specific adaption of it as used in haveged) for generating randomness from timing differ from that of the Jitter Entropy method? Is there any research ...
2 votes, 2 answers, 179 views
Rationale behind disallowing the use of similar passwords?
I recently had to change my password on a linux server (RedHat). It wouldn't let me use my password of choice because it was "too similar" to my previous password. Is this really ...