Calculating Password Entropy?

Answer: There are equations for when the password is chosen randomly and uniformly from a given set; namely, if the set has size $N$ then the entropy is $N$ (to express it in bits, take the base-2 logarithm of $N$). For instance, if the password is a sequence of exactly 8 lowercase letters, such that all sequences of 8 lowercase characters could have been chosen and no sequence was to be chosen with higher probability than any other, then entropy is $N = 26^8 = 208827064576$, i.e. about 37.6 bits (because this value is close to $2^{37.6}$). Such a nice formula works only as long as uniform randomness occurs, and, let's face it, uniform randomness cannot occur in the average human brain. For human-chosen passwords, we can only do estimates based on surveys (have a look at that for some pointers). What must be remembered is that entropy qualifies the password generation process, not the password itself. By definition, "password meter" applications and Web sites do ...