Entropy of passwords
Term: number of entropy bits of a password
- a concept from information theory
- a password with 5 bits of strength == 5 bits chosen randomly via coin tosses
- would need 2^5 attempts to exhaust all possibilities
- on average, an attacker will have to try half of all possibilities
Source: https://en.wikipedia.org/wiki/Password_strength
Question: what is the recommended number of entropy bits?
-
Depends on threat model
- 29 bits: only online attacks
- 96 bits: important cryptographic keys