[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: how much entropy in common answers
From: Pat Farrell <[email protected]>
> Clearly there are cultural issues involved. The entropy in a question
> such as "what is your favorite brother's name?" is low in an Irish
> family like mine where names cluster arround choices such as are Patrick,
> John, Sean, and Dan.
>
> So how do we measure the entropy objectively?
You have to estimate the probability that the attacker will guess what you
have chosen. This will depend on how much the attacker knows about you.
If he knows that you're Irish, it will help in the question above. If he
knows the names of your brothers, it will help a lot more. Probably
it is best to be conservative in assuming what your attacker knows.
If you have four brothers and nobody whom the attacker could ask will
know who is your favorite, but you think he could find out there names,
then he has probably a 1/4 chance of guessing right. (Actually he
might do better by preferring older brothers rather than younger, etc.)
The amount of entropy is then negative log 2 of the probability, or 2
in this case (2**-2 is 1/4).
For cars, if 50% of people like you would have chosen Mustangs,
40% Camaros, and the remaining 10% scattered among other brands, then
if your favorite car was a Mustang that is only worth about 1 bit. But
if your favorite car was an Oldsmobile there might be only 1/100 chance
of the attacker guessing that, so it could be worth 6 or 7 bits.
Hal