
Password Entropy in Cryptography

Last Updated : 16 Feb, 2021

Password entropy is a measure of password strength: how effective a password is against guessing or brute-force attacks. It indicates whether the entered password is common and easily crackable. It is calculated from the character set used (lowercase letters, uppercase letters, numbers, symbols, etc.) and the length of the created password. It is expressed in terms of bits of entropy per character.

Calculation of total number of possible passwords :

This section shows, through worked examples, how to calculate the total number of possible passwords that can be created from a given character set.

Example-1 : 

Consider the following password policy of an information system where users are required to create their password with at least 5 characters and at most 7 characters from the character set with lowercase letters a-z, uppercase letters A-Z and digits 0-9. Calculate the total number of possible passwords which can be created from it.

Solution – 

Total characters = 26(a-z) + 26(A-Z) + 10(0-9) = 62
Passwords must be between 5 and 7 characters long
$$P = \sum_{k=5}^{7} 62^k = 62^5 + 62^6 + 62^7 = 3.5 \times 10^{12} \text{ possible passwords}$$

Example-2 : 

Consider the following password policy of an information system where users are required to create their password with at least 5 characters and at most 7 characters from the character set with lowercase letters a-z, uppercase letters A-Z and digits 0-9. Calculate the total number of possible passwords using at least one digit which can be created from it.

Solution –

Total characters = 26(a-z) + 26(A-Z) + 10(0-9) = 62
Characters available for passwords without any digit = 62 - 10 (0-9) = 52
Passwords must be between 5 and 7 characters long with at least one digit
$$P = \sum_{k=5}^{7} 62^k - \sum_{k=5}^{7} 52^k = 3.5 \times 10^{12} - 1.048 \times 10^{12} = 2.45 \times 10^{12} \text{ possible passwords}$$

Example-3 : 

Now assume that the attacker uses a machine that can test 2.5 million passwords/second and that, on average, success is achieved once 75% of the overall number of passwords has been tested. Calculate the time required by the attacker to crack the password in Example 2.

Solution –

Time required = Total number of possible passwords * rate * accuracy

$$= 2.45 \times 10^{12} \times \frac{1}{250000} \times \frac{75}{100} = 8.67 \text{ days}$$

Calculation of password entropy :

This section shows how to calculate password entropy. Password entropy is calculated with the following formula.

$$\text{Password Entropy} = \log_{2}(\text{number of characters in character set}) \times \text{length of the password}$$

Example-4 : 

Calculate the password entropy of geeksfg123 chosen from the character set used in example 1.

Solution –

Number of characters in character set = 62
Length of password = 10 (geeksfg123)
$$\text{Password Entropy} = \log_{2}(62) \times 10 = 5.95 \times 10 = 59.5 \text{ bits of entropy per character}$$
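The four calculations above, collected into one script as an added example (not code from the original article). It goes beyond Example 2 by using inclusion-exclusion, so a policy can require several character classes at once. The function names and the `CLASSES` table are assumptions made for illustration, and the script works with exact integer counts, so its output differs slightly from the rounded figures in the worked solutions.

```python
from itertools import combinations
from math import log2

# Character classes of the policy in Example 1 (a-z, A-Z, 0-9).
CLASSES = {"lower": 26, "upper": 26, "digit": 10}

def count_passwords(min_len, max_len, required=(), classes=CLASSES):
    """Count passwords of length min_len..max_len that contain at least one
    character from every class named in `required` (inclusion-exclusion)."""
    alphabet = sum(classes.values())
    total = 0
    # For each subset of the required classes, count the passwords that avoid
    # that subset entirely, then add or subtract by the subset's parity.
    for r in range(len(required) + 1):
        for excluded in combinations(required, r):
            size = alphabet - sum(classes[c] for c in excluded)
            avoiding = sum(size ** k for k in range(min_len, max_len + 1))
            total += (-1) ** r * avoiding
    return total

def crack_time_days(search_space, guesses_per_second, fraction_tested):
    """Days needed to test `fraction_tested` of the search space."""
    return search_space * fraction_tested / guesses_per_second / 86400

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * log2(alphabet_size)

if __name__ == "__main__":
    all_pw = count_passwords(5, 7)                        # Example 1
    with_digit = count_passwords(5, 7, ("digit",))        # Example 2
    days = crack_time_days(with_digit, 2.5e6, 0.75)       # Example 3
    bits = entropy_bits(len("geeksfg123"), sum(CLASSES.values()))  # Example 4
    # Generalization: at least one digit AND at least one uppercase letter.
    stricter = count_passwords(5, 7, ("digit", "upper"))
    print(f"all passwords (5-7 chars):   {all_pw:.3e}")
    print(f"with at least one digit:     {with_digit:.3e}")
    print(f"days to test 75% at 2.5M/s:  {days:.2f}")
    print(f"entropy of geeksfg123:       {bits:.2f} bits")
    print(f"digit and uppercase required: {stricter:.3e}")
```

Requiring a character class always removes candidates from the search space, which is why the count for Example 2 is smaller than the count for Example 1.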
