Michael Sierchio <[EMAIL PROTECTED]> writes: > Jeffrey Altman wrote: > > > A passphrase consisting of human readable/typable text provides > > approximately 2 bits of entropy per character. > > English text contains approx. 3.5 bits of entropy per character. This seems high, considering that only 6 bits are required to render every alphanumeric message (and only a little over 5 bits is required if you use only one case).
Schneier's estimate is even more conservative than Jeffrey's. Ordinary English text contains 1.0-1.5 bits per character. Schneier cites Shannon[0] and Cover[1] Michael, perhaps you're thinking of the REDUNDANCY of English, which is roughly 3.4 bits/character (4.7 bits is required to render all 26 letters, so if you subtract 1.3 from 4.7...) That said, it's not clear how these results apply to passwords. The entropy of short chunks of text is lower. Shannon claims about 2.3 bits/char for 8-letter chunks. OTOH, passwords which are specifically well chosen can have very high entropies. Memorizing strings of 8-16 random characters is quite practical [2] and such strings (even when limited to typed text) can have entropies as high as 6+ bits/character. -Ekr [0] Shannon, C.E., "Predication and Entropy in Printed English" [1] Cover, T.M., King, R.C., "A Convergent Gambling Estimate of the Entropy of English", in IEEE Trans. Info. Theory., July 1978. [2] OTOH, most people aren't willing to do this, so this is a best case scenario for situations where users care about security. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]