
Entropy is a subjective value, in that it depends on the observer's statistical model. Quite weak passwords can look high-entropy to a system like this, e.g. it's not going to know that "Make America Great Again" is a common phrase, or that the user is a security-illiterate Trumpist and therefore likely to use such a passphrase.

If you're generating passwords for users from these statistical models, and forcing them to use the first passphrase you give them, talking about "raw entropy" would make more sense. It's still subjective, in that someone who knows the full machine state at generation time would probably see a different entropy, but at least that information is relatively hard to access.
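An added example, not part of the comment above: the same string scored by two observers with different statistical models, next to the entropy of a passphrase that the system generated and forced on the user. The phrase list, the four assumed capitalisation styles and the 7776-word list size are assumptions made for illustration.

```python
import math
import string

# Constructed stand-in for an observer's list of well-known phrases.
COMMON_PHRASES = [
    "make america great again",
    "to be or not to be",
    "may the force be with you",
    "correct horse battery staple",
]

def charset_entropy_bits(password: str) -> float:
    """Naive observer: each character is uniform over the classes present."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation or c == " " for c in password):
        pool += len(string.punctuation) + 1
    return len(password) * math.log2(pool) if pool else 0.0

def phrase_aware_entropy_bits(password: str, phrases=COMMON_PHRASES) -> float:
    """Observer whose model includes a phrase list: a listed phrase costs
    log2(list size) bits, plus 2 bits for four assumed capitalisation styles."""
    if password.lower() in phrases:
        return math.log2(len(phrases)) + 2
    return charset_entropy_bits(password)

def generated_entropy_bits(wordlist_size: int, words: int) -> float:
    """Passphrase drawn uniformly at random by the system and forced on the
    user: the entropy follows from the generator, not from the string."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    pw = "Make America Great Again"
    print(f"charset model:      {charset_entropy_bits(pw):6.1f} bits")
    print(f"phrase-aware model: {phrase_aware_entropy_bits(pw):6.1f} bits")
    print(f"4 words from 7776:  {generated_entropy_bits(7776, 4):6.1f} bits")
```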



