On Sun, Oct 29, 2017 at 1:18 PM, Gregory Ewing <greg.ew...@canterbury.ac.nz> wrote: > You're missing something fundamental about what > entropy is in information theory. > > It's meaningless to talk about the entropy of a single > message. Entropy is a function of the probability > distribution of *all* the messages you might want to > send.
Which is where a lot of "password strength" confusion comes from. How much entropy is there in the password "U3ZINVp3PT0="? Strong password or weak? What about "dark-next-sure-secret"? "with-about-want-really-going"? They were generated by, respectively: double-MIME-encoding four bytes from /dev/random (32 bits of entropy), picking four words from the top 1024 (40 bits), and picking 5 words from the top 64 (30 bits). But just by looking at the passwords themselves, you can't tell that. ChrisA -- https://mail.python.org/mailman/listinfo/python-list