Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: zappylappy on March 18, 2021, 01:56:02 PM



Title: How to calculate entropy change of modified Diceware password?
Post by: zappylappy on March 18, 2021, 01:56:02 PM
Let's assume I roll the dice and get this 5 word diceware password:
unlinked graffiti trapeze tumble snoring
This diceware password is considered to have an entropy of ~12.92 bits (Math.log2(7776)).

Now I change the password to the following:
trapeze tumble snoring graffiti link

I changed one word (unlinked -> link) and I changed the sequence.

How can I now calculate the entropy change of the modified Diceware password?



Title: Re: How to calculate entropy change of modified Diceware password?
Post by: _Counselor on March 18, 2021, 05:19:04 PM
Quote from: zappylappy
> Let's assume I roll the dice and get this 5 word diceware password:
> unlinked graffiti trapeze tumble snoring
> This diceware password is considered to have an entropy of ~12.92 bits (Math.log2(7776)).
>
> Now I change the password to the following:
> trapeze tumble snoring graffiti link
>
> I changed one word (unlinked -> link) and I changed the sequence.
>
> How can I now calculate the entropy change of the modified Diceware password?



If the Diceware dictionary consists of 7776 words, then each word adds 12.92 bits of entropy, so any 5-word passphrase has 64.6 bits of entropy.

Or do you want to calculate the entropy of the modified phrase, taking into account that someone knows the original phrase and the method by which it was modified?


Title: Re: How to calculate entropy change of modified Diceware password?
Post by: NotATether on March 18, 2021, 06:26:00 PM
From an algorithmic point of view, the entropy didn't change at all, because you didn't add or remove any words.

Quote from: zappylappy
> Let's assume I roll the dice and get this 5 word diceware password:
> unlinked graffiti trapeze tumble snoring
> This diceware password is considered to have an entropy of ~12.92 bits (Math.log2(7776)).

The whole password doesn't have 12.92 bits of entropy. That's how much entropy is in one word (there are 7776 diceware words), so as _Counselor wrote, you actually have 64.6 bits of total entropy.


Title: Re: How to calculate entropy change of modified Diceware password?
Post by: odolvlobo on March 18, 2021, 07:11:10 PM
In theory, since the sequence is not completely random (you reordered the words and hand-picked one of them), you have lowered the entropy by some amount. That amount is difficult to compute. In the worst case, handpicking a word means that the word contributes nothing to the total entropy.

However, in practical terms, there is no difference unless the new sequence of words is designed to match a similar sequence of words that exists somewhere else.


Title: Re: How to calculate entropy change of modified Diceware password?
Post by: zappylappy on March 19, 2021, 10:57:19 AM
Thanks for the input. I would now like to ask a slightly related question:

Let's say I do not like the first result and I roll the dice a second time. Has this any influence on the entropy?

Let's further assume I roll the dice a third and n-th time and then take the result. Would this have any influence on the entropy?


Title: Re: How to calculate entropy change of modified Diceware password?
Post by: NotATether on March 19, 2021, 03:38:59 PM
Quote from: zappylappy
> Thanks for the input. I would now like to ask a slightly related question:
>
> Let's say I do not like the first result and I roll the dice a second time. Has this any influence on the entropy?
>
> Let's further assume I roll the dice a third and n-th time and then take the result. Would this have any influence on the entropy?

This is an example of selecting an outcome from what I call the "entropy space" so your amount of entropy still stays the same although the value of it changes a number of times.

Think of it from a probability point of view where you have a 1/N chance of selecting a particular item from N items, but using repeated selection you're able to select the same one again or a different one: 1/(N*N*N*...) the more times you select things.


Title: Re: How to calculate entropy change of modified Diceware password?
Post by: odolvlobo on March 19, 2021, 10:17:48 PM
Quote from: NotATether
> Quote from: zappylappy
> > Thanks for the input. I would now like to ask a slightly related question:
> > Let's say I do not like the first result and I roll the dice a second time. Has this any influence on the entropy?
> > Let's further assume I roll the dice a third and n-th time and then take the result. Would this have any influence on the entropy?
>
> This is an example of selecting an outcome from what I call the "entropy space" so your amount of entropy still stays the same although the value of it changes a number of times.
> Think of it from a probability point of view where you have a 1/N chance of selecting a particular item from N items, but using repeated selection you're able to select the same one again or a different one: 1/(N*N*N*...) the more times you select things.

I disagree. The act of choosing an outcome can reduce its entropy to potentially 0. Take an extreme case: Generate random 6 character passwords until the results are "123456". In both theoretical and practical terms, that password has an entropy of 0. Nothing about it is random. You picked a password and then used a random process to generate the password that you picked. By choosing an outcome, you reduce the "entropy space" by removing the regions that you would reject.
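
The cases raised in the posts above (a hand-picked word, a chosen word order, rerolling until the result is liked) can be measured exactly on a small list. This is an added example, not part of any post in the thread; the six-word list and all function names are constructed for illustration.

```javascript
// Added example, not code from the thread. Entropy belongs to the process that
// produces a passphrase, so this enumerates every equally likely dice outcome,
// applies the owner's habits, and measures what is left.
// TOY_LIST is a constructed stand-in for the 7776-word Diceware list.
const TOY_LIST = ["ant", "bee", "cat", "dog", "elk", "fox"];

// All k-word sequences over the list; each is an equally likely roll.
function allRolls(list, k) {
  let rolls = [[]];
  for (let i = 0; i < k; i++) {
    rolls = rolls.flatMap((r) => list.map((w) => [...r, w]));
  }
  return rolls;
}

// Shannon entropy (bits) of the final passphrase when the owner rerolls
// until accept(roll) is true and then rewrites the roll with modify(roll).
function processEntropyBits(list, k, accept, modify) {
  const kept = allRolls(list, k).filter(accept);
  const counts = new Map();
  for (const roll of kept) {
    const phrase = modify(roll).join(" ");
    counts.set(phrase, (counts.get(phrase) || 0) + 1);
  }
  let bits = 0;
  for (const n of counts.values()) {
    const p = n / kept.length;
    bits -= p * Math.log2(p);
  }
  return bits;
}

const any = () => true;
const asRolled = (roll) => roll;

// Untouched rolls: k * log2(N) bits (12.92 bits per word when N = 7776).
const baseline = processEntropyBits(TOY_LIST, 3, any, asRolled);
// Owner always swaps the first word for a favourite: that word adds nothing.
const handPicked = processEntropyBits(TOY_LIST, 3, any, (r) => ["link", ...r.slice(1)]);
// Owner always puts the words in a preferred (here alphabetical) order.
const reordered = processEntropyBits(TOY_LIST, 3, any, (r) => [...r].sort());
// Owner rerolls until one chosen phrase appears: nothing random remains.
const chosen = processEntropyBits(TOY_LIST, 3, (r) => r.join(" ") === "cat dog elk", asRolled);
// Owner rerolls only when a word repeats: a mild filter costs under one bit.
const noRepeats = processEntropyBits(TOY_LIST, 3, (r) => new Set(r).size === 3, asRolled);

console.log({ baseline, handPicked, reordered, chosen, noRepeats });
```

Enumeration is not feasible for five words from 7776, but the same reasoning gives worst-case bounds for the phrase in the opening post: a hand-picked word leaves 4 × 12.92 ≈ 51.7 bits, and a chosen word order costs at most log2(5!) ≈ 6.9 bits more.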


Title: Re: How to calculate entropy change of modified Diceware password?
Post by: NotATether on March 21, 2021, 04:34:03 AM
Quote from: odolvlobo
> I disagree. The act of choosing an outcome can reduce its entropy to potentially 0. Take an extreme case: Generate random 6 character passwords until the results are "123456". In both theoretical and practical terms, that password has an entropy of 0. Nothing about it is random. You picked a password and then used a random process to generate the password that you picked. By choosing an outcome, you reduce the "entropy space" by removing the regions that you would reject.

I haven't thought of that. Of course if a password is in a dictionary list then it doesn't matter how many times you changed words. You could keep changing until you come up with "correct horse battery stapler" by chance but that's also going to have zero entropy, but if there are five words instead of four and the fifth one is something nonsensical then that word is still going to carry entropy so that five-word diceware phrase is going to have 12.92 bits of entropy.

Can anyone verify whether Diceware behaves more like /dev/random or /dev/urandom?

The diceware website as we know it is in JavaScript which means it's using whatever random number generator the OS and browser have, so this question really depends on which combination you run Diceware on.