Entropy Definition (was Re: passphrases with more than 160 bits of entropy)

Sandy Harris sandyinchina at gmail.com
Thu Mar 23 00:42:53 EST 2006

Aram Perez <aramperez at mac.com> wrote:

> So, if you folks care to educate me, I have several questions related
> to entropy and information security (apologies to any physicists):

I'll answer the easier questions. I'll leave the harder ones for someone
with a better grounding in information theory.

> * What is the relationship between randomness and entropy?

Roughly, they both measure unpredictability. Something that is hard
to predict is random, or has high entropy. There are mathematical
formulations that make this a lot more precise, but that's the basic

> * Does processing an 8 character password with a process similar to
> PKCS#5 increase the entropy of the password?

Absolutely not!

At best, you preserve the original entropy, just distributing it
differently. If you get the processing wrong, you can reduce or
even entirely destroy it, but no amount of any kind of processing
can increase it.

> * Can you add or increase entropy?

You can add more entropy, either from another source or more
from the same source. That is the only way to increase it.

Sandy Harris
Zhuhai, Guangdong, China

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
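An added illustration of the PKCS#5 and "add entropy" answers above; it is not part of the original post. It measures Shannon entropy before and after PBKDF2 (the PKCS#5 v2 derivation) over a constructed set of 16 equally likely passwords. The password list, salt, iteration count and helper names are assumptions made for the example.

```python
import hashlib
import math
from collections import defaultdict

def shannon_bits(dist):
    """Shannon entropy, in bits, of a {value: probability} distribution."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def push_through(dist, fn):
    """Distribution of fn(x) for x drawn from dist; colliding outputs merge."""
    out = defaultdict(float)
    for value, p in dist.items():
        out[fn(value)] += p
    return dict(out)

def pkcs5(password, salt=b"constructed-salt", iterations=1000):
    """PBKDF2-HMAC-SHA1 (PKCS#5 v2). Salt and iteration count are sample values."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, dklen=20)

# Constructed sample source: 16 equally likely passwords, i.e. exactly 4 bits.
PASSWORDS = {f"pass{i:04d}": 1 / 16 for i in range(16)}

def demo():
    source = shannon_bits(PASSWORDS)

    # Correct processing: a deterministic function maps 16 inputs to 16 outputs,
    # so the 160-bit derived key still carries only 4 bits of entropy.
    derived = shannon_bits(push_through(PASSWORDS, pkcs5))

    # Processing done wrong: keeping one bit of the derived key merges inputs
    # and caps the result at 1 bit.
    broken = shannon_bits(push_through(PASSWORDS, lambda pw: pkcs5(pw)[0] & 1))

    # Adding entropy from another source: an independent, uniform 2-bit value
    # appended to the password before derivation gives 4 + 2 = 6 bits.
    combined = {(pw, extra): p / 4
                for pw, p in PASSWORDS.items() for extra in range(4)}
    added = shannon_bits(push_through(combined, lambda x: pkcs5(x[0] + str(x[1]))))

    return source, derived, broken, added

if __name__ == "__main__":
    for label, bits in zip(("source", "derived", "broken", "added"), demo()):
        print(f"{label:8s} {bits:.3f} bits")
```

The salt is public and fixed here, so it contributes nothing to the count; only the independent secret value in the last case raises it.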