# Guessing entropy

## Definition

**Guessing entropy** is

> “[a] measure of the difficulty that an attacker has to guess the average password used in a system. Entropy is often stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.”[1]
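
As an added illustration (not part of the NIST text or of this wiki entry), the Python sketch below estimates guessing entropy from a password frequency table, the kind of check a defender can run against an audited password set. It assumes the usual formalization: the attacker tries passwords from most to least frequent, and an n-bit random quantity takes (2^n + 1)/2 guesses on average. The function names and sample counts are constructed for the example.

```python
import math


def expected_guesses(counts):
    """Average guesses needed when passwords are tried in descending frequency.

    `counts` maps each password to how many accounts use it. The attacker is
    assumed to know this distribution, as the definition states.
    """
    if not counts or any(c <= 0 for c in counts.values()):
        raise ValueError("counts must be non-empty with positive frequencies")
    total = sum(counts.values())
    ranked = sorted(counts.values(), reverse=True)
    # The password at rank r is found on guess r, with probability count/total.
    return sum(rank * c / total for rank, c in enumerate(ranked, start=1))


def guessing_entropy_bits(counts):
    """Bits n for which a uniform n-bit secret costs the same average work.

    Assumption: a uniform n-bit value takes (2**n + 1) / 2 guesses on average,
    so n = log2(2 * G - 1) where G is the expected number of guesses.
    """
    g = expected_guesses(counts)
    return math.log2(2 * g - 1)


# Constructed sample data: 16 accounts in each system.
UNIFORM = {f"pw{i}": 2 for i in range(8)}           # 8 equally likely passwords
SKEWED = {"123456": 8, "password": 4, "qwerty": 2,  # a few popular choices
          "letmein": 1, "dragon": 1}

if __name__ == "__main__":
    for name, dist in (("uniform", UNIFORM), ("skewed", SKEWED)):
        print(f"{name}: {expected_guesses(dist):.4f} guesses on average, "
              f"{guessing_entropy_bits(dist):.3f} bits")
```

Eight equally likely passwords give exactly 3 bits, while the skewed set gives about 1.5 bits even though it contains five distinct passwords, because the attacker starts with the popular ones.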

## References

1. NIST, Electronic Authentication Guideline 6 (NIST Special Publication 800-63) (Apr. 2006) (full-text).