Suppose that the passwords created under some specific composition rule \"C\" is

Question

Suppose that the passwords created under some specific composition rule "C" is to be tested for the security. One of the way could be to conduct survey on x number of people and measure the average entropy of the passwords created by them. What should be the least value of x so that approximate entropy of the password database created by 6 billion users under the same composition rule "C" can be predicted?

I want to evaluate which composition rules create more secure passwords, assuming that I can collect the survey based password data.

Explanation / Answer

I have the impression this is an invalid line of questioning the problem.

Rule C * number of people does not define the entropy, the algorithm used for encrypting the password does. Unless the passwords are kept in clear text the password database as such will only show entropy against the algorithm.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.