
/sci/ - Science & Math


>> No.16235246

How would you calculate the bits of entropy of this password?

>stagnant-squid-possible-legal

Entropy = log2(S^L)
Where S is symbol pool size and L is the length. Log base 2 of 26 alphabets + 1 hyphen, raised to the power of 32, because 32 characters long.

ChatGPT says the bits of entropy are 152. But that's assuming an attacker doesn't know our password scheme and is brute-forcing.

What if the attacker knows we are picking 4 random words separated by a hyphen?

Then the symbol pool is the size of random words you are pulling from. Let's say 7,000 words. The length then is 4, because 4 words. The hyphens are negligible.
So the actual entropy, assuming our attacker knows the scheme, is 51 bits.

Not quite weak, but not strong either.

My goal here is to use 4 random words, because it's easy to type and to remember, and then harden it by randomly inserting a special character and a digit.

The problem now is I am too dumb to calculate the bits of entropy for the new scheme and therefore cannot measure how much stronger the password is.

>stag?nant-squid-pos7sible-legal

What is the entropy now that I have randomly placed one special char and one digit? Is this measurable?

I asked ChatGPT and it said that, to account for the increased complexity of the possible insertions, the entropy is 67.

And then I asked what if the attacker doesn't know the exact length of each word, and it basically said fuck you calculate it yourself.
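
Added example (not part of the original post): a Python calculation of the three cases the post asks about, reproducing its 152-bit and 51-bit figures, then counting the insertion scheme and checking that count by brute-force enumeration. The 31-symbol pool (ASCII punctuation without the hyphen), the 10 digits, and insertion at any position in the passphrase are assumptions, as are all function names.

```python
import math
import string

# Assumed pools (not from the post): ASCII punctuation minus the hyphen separator.
SYMBOLS = string.punctuation.replace("-", "")   # 31 characters
DIGITS = string.digits                          # 10 characters
PASSPHRASE = "stagnant-squid-possible-legal"    # the post's example

def bruteforce_bits(pool_size, length):
    """log2(S^L): attacker guesses character by character."""
    return length * math.log2(pool_size)

def wordlist_bits(list_size, n_words):
    """Attacker knows the scheme: n_words uniform draws from a known list."""
    return n_words * math.log2(list_size)

def insertion_bits(base_len, n_symbols, n_digits):
    """Bits added by one symbol and one digit at uniform random positions.

    The result has base_len + 2 characters, and the symbol and digit take an
    ordered pair of distinct slots in it. base_len is fixed once the words are
    chosen, so word lengths are not a separate secret in this model.
    """
    slots = (base_len + 2) * (base_len + 1)
    return math.log2(slots * n_symbols * n_digits)

def enumerate_insertions(base, symbols, digits):
    """Every distinct outcome for a short base string, to check the count."""
    outcomes = set()
    for i in range(len(base) + 1):
        for s in symbols:
            step = base[:i] + s + base[i:]
            for j in range(len(step) + 1):
                for d in digits:
                    outcomes.add(step[:j] + d + step[j:])
    return outcomes

def hardened_bits(passphrase=PASSPHRASE, list_size=7000, n_words=4):
    """Word-choice bits plus insertion bits for the scheme in the post."""
    extra = insertion_bits(len(passphrase), len(SYMBOLS), len(DIGITS))
    return wordlist_bits(list_size, n_words) + extra

if __name__ == "__main__":
    print(f"brute force, 27 symbols, 32 chars: {bruteforce_bits(27, 32):.1f} bits")
    print(f"4 words from 7,000:                {wordlist_bits(7000, 4):.1f} bits")
    print(f"plus symbol and digit insertion:   {hardened_bits():.1f} bits")
    # A symbol already in the passphrase (the hyphen) makes outcomes collide.
    print(len(enumerate_insertions("a-b", "-", "7")), "distinct of 20 placements")
```

Under these assumptions the insertion adds about 18 bits, for roughly 69 bits in total; a smaller symbol pool or restricted insertion positions lowers that figure.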
