Michael Sierchio <[EMAIL PROTECTED]> writes:

> Jeffrey Altman wrote:
> 
> > A passphrase consisting of human readable/typable text provides
> > approximately 2 bits of entropy per character.  
> 
> English text contains approx. 3.5 bits of entropy per character.
This seems high, considering that only 6 bits are required to
render every alphanumeric message (and only a little over 5 bits
is required if you use only one case).

Schneier's estimate is even more conservative than Jeffrey's.
Ordinary English text contains 1.0-1.5 bits per character.
Schneier cites Shannon[0] and Cover[1].

Michael, perhaps you're thinking of the REDUNDANCY of English,
which is roughly 3.4 bits/character (4.7 bits is required to
render all 26 letters, so if you subtract 1.3 from 4.7...)

That said, it's not clear how these results apply to passwords.
The entropy of short chunks of text is lower. Shannon claims
about 2.3 bits/char for 8-letter chunks. OTOH, passwords which
are specifically well chosen can have very high entropies.
Memorizing strings of 8-16 random characters is quite practical [2]
and such strings (even when limited to typed text) can have
entropies as high as 6+ bits/character.

-Ekr

[0] Shannon, C.E., "Prediction and Entropy in Printed English"

[1] Cover, T.M., King, R.C., "A Convergent Gambling Estimate of the
Entropy of English", in IEEE Trans. Info. Theory., July 1978.

[2] OTOH, most people aren't willing to do this, so this is a
best case scenario for situations where users care about 
security.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
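
The per-character figures in this thread can be turned into the passphrase length needed to match a given key strength. The sketch below is an added example, not part of the original message; it assumes "typed text" means the 94 printable non-space ASCII characters and uses a 128-bit target chosen for illustration.

```python
import math
import secrets
import string

# Per-character entropy estimates quoted in the thread (bits/char).
THREAD_ESTIMATES = {
    "ordinary English (upper end of 1.0-1.5)": 1.5,
    "human-typed passphrase": 2.0,
    "8-letter English chunks (Shannon)": 2.3,
}

# Assumption: "typed text" = letters, digits and punctuation (94 symbols).
TYPEABLE = string.ascii_letters + string.digits + string.punctuation


def bits_per_char_uniform(alphabet_size: int) -> float:
    """Entropy per character when each symbol is drawn uniformly at random."""
    return math.log2(alphabet_size)


def chars_needed(target_bits: int, bits_per_char: float) -> int:
    """Minimum length whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_char)


def random_password(length: int, alphabet: str = TYPEABLE) -> str:
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def report(target_bits: int = 128) -> dict:
    """Map each estimate to the length required for target_bits of entropy."""
    rows = {name: chars_needed(target_bits, b)
            for name, b in THREAD_ESTIMATES.items()}
    rows["uniform random typeable ASCII"] = chars_needed(
        target_bits, bits_per_char_uniform(len(TYPEABLE)))
    return rows


if __name__ == "__main__":
    for name, n in report(128).items():
        print(f"{n:3d} chars for 128 bits: {name}")
    bits16 = 16 * bits_per_char_uniform(len(TYPEABLE))
    print(f"16 random chars = {bits16:.1f} bits, e.g. {random_password(16)}")
```

The random-character figure holds only when every character is drawn uniformly and independently, which is why the generator uses `secrets` rather than a human choice.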
