The IT Law Wiki

Guessing entropy

32,076pages on
this wiki
Add New Page
Add New Page Talk0

Definition Edit

Guessing entropy is

[a] measure of the difficulty that an attacker has to guess the average password used in a system. Entropy is often stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.[1]

References Edit

  1. NIST, Electronic Authentication Guideline 6 (NIST Special Publication 800-63) (Apr. 2006) (full-text).

Also on Fandom

Random Wiki