I recently came across the term password entropy, and I was curious how it related to the thermodynamic type of entropy I'm used to as a physicist. When choosing a password, we want to create something that's hard to guess. That means there should be as many possibilities as we can manage. That's why accounts frequently require you to include upper- and lower-case letters, numbers, and symbols. By increasing the variety of characters, there are more possible passwords you could make. To characterize the number of choices, people sometimes define the "bits of entropy" as
where M is the number of possible passwords. The term "bits" is meant in the computational context: either a 0 or 1, with 8 bits making a byte, and kilobyte/megabyte further scaling by 1024 each.
This is essentially the same, up to a constant factor, as the type of entropy used in thermodynamics, where instead of character combinations, we have microstates of a system (see the post I linked above for more details). It turns out we can connect these concepts through a thought experiment called Maxwell's Demon: Imagine we have a box filled with gas and divided into two sections, with a door between them that can be opened and closed. If the gas in one side of the box is warmer than the other, we can extract energy from the box using a heat engine. Once the two sides are the same temperature though, we can no longer perform work using them. However, temperature gives the average energy of the gas molecules: Some will be moving faster, and some slower. Suppose we had a device (or a demon, if our research grant covers soul exchanges) that could detect when a slow molecule approached the door from the left, or a fast molecule came from the right, and could quickly open and close the door to let that molecule through. Then we could make the two halves different temperatures again, decreasing the entropy and allowing more work to be extracted!
The sticking point though is how this demon decides whether to open the door or not. As we saw above, information carries entropy of its own, and the knowledge of whether the door should be opened for a particle cancels out the decrease in entropy caused by the temperature difference. There are some interesting details on that in the Wikipedia article, but there was another aspect of password choices that I wanted to explore, related to this xkcd comic. Generally, increasing the length of the password, or the types of characters allowed in the password will increase the entropy, but requiring certain character types can make the entropy go down. Below you'll find a little JavaScript tool to calculate the entropy for different requirements.
Cannot Have |
Can Have |
Must Have |
|
Lowercase |
|||
Uppercase |
|||
Number |
|||
Symbol |
Length: |
Entropy:Days @ 1k/sec: |
No comments:
Post a Comment