Answer Key to Calculating Password Entropy



Password strength is determined with this chart:
< 28 bits = Very Weak; might keep out family members
28 - 35 bits = Weak; should keep out most people, often good for desktop login passwords
36 - 59 bits = Reasonable; fairly secure passwords for network and company passwords
60 - 127 bits = Strong; can be good for guarding financial information
128+ bits = Very Strong; often overkill

While a password with 40-50 bits of entropy may be semi-safe now, it is only a matter of time until GPUs become more powerful, and password cracking takes less time!

1 - 10   Now calculate password entropy for the following passwords:
 
E = 37.6    1. password    
            R = 26 since its pool 
            of characters is just 
            the 26 lower case 
            letters and L = 8 
            (the length) 

E = 45.6    2. Password 
            R = 52 and L = 8 

E = 28.2    3. qwerty 
            R = 26 and L = 6 

E = 31.0    4. abc123  
            R = 36 and L = 6 

E = 76.3    5. MrP*MathPage 
            R = 82 since it 
            uses upper and 
            lower case and 
            ASCII characters  
            and L = 12

E = 19.93   6. 123456  
               R = 10 and L = 6 

E = 37.6    7. starwars  
               R = 26 and L = 8 

E = 37.6    8. baseball 
               R = 26 and L = 8 

E = 63.6    9. P33e=7a*E6m  
               R = 82 and L = 10 

E = 76.3   10. Q77a&-2kB4R2  
               R = 82 and L = 12 


R = 20     11. If the password 
               entropy of an eight 
               character password 
               is 34.9 bits, 
               what is the pool 
               of characters? 

R = 12     12. If the password 
               entropy of a twelve 
               character password 
               is 55.7 bits,  
               what is the pool 
               of characters? 


 


Send any comments or questions to: David Pleacher