Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] vnc

> From: Dan Ritter [mailto:dsr at]
> Even though I agree with all this, I have to point out that many
> experiments have concluded that English sentences contain about 1.1 bits
> of entropy per character, and so it is not completely unreasonable to
> create and memorize a 120 character sentence to use as a password.

I wouldn't attempt to measure entropy on a per-character basis, unless you're randomly generating characters.  For example, if given the characters "charact" I bet you'll be able to predict the next character "e."  And if you're randomly selecting words, the number of characters are variable.  And if you're *non* randomly selecting words that are related to each other (such as a sentence) then the measurement of entropy becomes even more vague, and more variable.  Any estimate such as "1.1 bits per character" is very likely to be imprecise and inaccurate.

If you randomly select words from a word list (See the General Service List there are 2,284 words in the list, which means about 11 bits of entropy per randomly selected word.  If you randomly string together 11 words, it's 122 bits of entropy .  I actually wrote something specifically for this purpose. 

122 bits of entropy is generally good enough, and with a little effort and repetition, most people can memorize 11 randomly selected words.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /