Brute forcing question.

[Decoded]

Hey guys.

So, if someone (a hacker) knew exactly how many bits of entropy your password was, could they crack it easier than without the knowledge of the password strength?

[Straux]

Yes, it would be easier.

If they knew how many bits of entropy your password was, they could rule out passwords not under that entropy strength, and narrow down their search for your password.

[NorrisK]

Why are you worried about this? Did you share this information with someone?

Even if the hacker knows the amount of bit of entropy your password has, if it is high enough it wouldn't matter because it would still take too much time.

Also, if I'm correct, entropy is not based solely on the amount of characters in your password, but rather the type of symbols you used in your password. The more symbols there are to choose from in your library of symbols (e.g. alphabet letters have higher entropy than numbers 0-9), the higher your entropy will be. So as long as nobody knows what types of characters you used, you should be fine.

Also, Brain wallets and their seeds often have a fixed amount of words to generate the private keys. If this would've been a problem, all electrum wallets would be hacked because the entropy is known.

[shorena]

Yes, it would be easier.

If they knew how many bits of entropy your password was, they could rule out passwords not under that entropy strength, and narrow down their search for your password.

No it does not, because if the attacker does not know the set of symbols used, knowing the entropy does not help them. I can tell you have an 32 bit (which is weak) password. You are no closer to knowing my password which could be made off words, numbers, latin alphanumeric symbols, special characters, cyrillic symbols, utf-8 or any mix of them. There is a theoretical advantage that you only need to test a subset of all possible passwords for each set of symbols, but you might still need to test a possible infinity number of symbol sets.

Also in order to brute force something you need the file. So if the question is whether you can tell someone your password strength, you can. Keep in mind though that the entropy depends on the way you generate a password. Selecting a random word from a list of 8 words, only has 3 bits of entropy no matter how long and complex the words are. If your password is not generated randomly it might be impossible to determine its entropy.

[Nybbas]

All that mining equipment one day will have only this purpose to brute force passwords,
 and this will become serious question i believe. So change your passwords periodically.

[JasonXG]

Brute forcing passwords is a very bad way to get a password. It takes alot of time to do that. Days , weeks, months, years even !
That's why it's never used, i wouldn't worry about it.

[Nybbas]

Brute forcing passwords is a very bad way to get a password. It takes alot of time to do that. Days , weeks, months, years even !
That's why it's never used, i wouldn't worry about it.

But what if you have great amount of hash power like Chinese mining farms?
they could become rent services when mining becomes unprofitable.

[achow101]

Brute forcing passwords is a very bad way to get a password. It takes alot of time to do that. Days , weeks, months, years even !
That's why it's never used, i wouldn't worry about it.

But what if you have great amount of hash power like Chinese mining farms?
they could become rent services when mining becomes unprofitable.

The hash used by Bitcoin is SHA256d, which is not used for anything else really. ASICs wouldn't be useful for breaking hashes because they can only do SHA256d.