[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
how much entropy in common answers
I've been playing arround with some code to implement CME's
secret sharing using low entropy answers. (His write-up
is in http://www.clark.net/pub/cme/html/rump96.html)
In the write-up, Carl says " That means that it has very low entropy. For example, a person's first name has only about 8 bits of entropy. Car makes and models have only 2 to 4 bits of entropy -- especially if one is naming cars desirable to a teenager."
Further on, he says "Therefore, if each answer has entropy E, the attacker must correctly guess T=(EK) bits of answers. If T exceeds 90 bits or so, then the user is reasonably secure from answer-guessing attacks." (where K is the number
of questions)
My question is, how do we measure the entropy of each answer so we can
calculate when we've got 90 or so bits. I know when I was a teenager,
the list of car lust objects was short, and everyone wanted a Mustang or
Camaro, so the entropy of those two choices was much less than half a bit.
A similar idea was mentioned in a critique of the plot of West Side Story.
The question is, on a hot night in Spanish Harlem, what percentage of
women are named "Maria"?
Clearly there are cultural issues involved. The entropy in a question
such as "what is your favorite brother's name?" is low in an Irish
family like mine where names cluster arround choices such as are Patrick,
John, Sean, and Dan.
So how do we measure the entropy objectively?
Thanks
Pat
Pat Farrell CyberCash, Inc. (703) 715-7834
[email protected]
#include standard.disclaimer