Passwords and PINs

While I’m on the topic of security, I thought I’d do some math on PIN strength vs. password strength. Initially I had assumed that the entropy per character of PINs, which are generally only digits, would be worse than the entropy per character of full passwords. Now I’m not so sure.

PINs that are composed of digits, where each digit is equally likely, represent log2(10), or about 3 1/3, bits of entropy per character, so an 8-digit PIN is about 27 bits of entropy (8 × 3.32 ≈ 26.6).

Passwords have a wider range of characters to draw from: A-Z, a-z, 0-9 and, to take the easy set, the ten shifted digits ! through ), although there are more. That’s 26*2 + 10*2 = 72 characters, or about 6 bits of entropy per character (log2(72) ≈ 6.17), for a total of roughly 48 bits – or about 2 million (2^21) times as many possibilities as the 27-bit PIN. (With the unrounded figure it is 49.4 bits, closer to 7 million times; the rounding doesn’t change the conclusion.)

The problem with this analysis is that not all characters from the set of 72 are equally likely. In fact, good old fashioned English text has an astonishingly low 1.3 bits per character of entropy, according to Bruce Schneier in Applied Cryptography (the figure comes from Shannon’s experiments on long runs of English prose). That means an 8-character password that is essentially English text is only good for about 10 bits of entropy (8 × 1.3 = 10.4), so it has about 2^17, or roughly 130,000, times fewer possibilities than an equivalent-length PIN.
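The arithmetic above, carried through in code. This is an added example, not part of the original post: it reproduces the three cases (uniform digits, a uniform 72-character alphabet, and English text at Schneier’s 1.3 bits/character), converts bits to an expected brute-force time, and computes the zero-order Shannon entropy of a constructed English sample to show how far even a crude frequency estimate sits below the “alphabet size” figure. The sample text and the 1e6 guesses/second rate are assumptions for illustration only.

```python
import math
from collections import Counter

# Constructed sample of ordinary English prose (not from the original post),
# lower-case letters and spaces only, so the nominal alphabet is 27 symbols.
SAMPLE_TEXT = (
    "the quick brown fox jumps over the lazy dog while the farmer watches "
    "from the porch and wonders whether the weather will hold until the "
    "harvest is in and the hay is safely stored in the barn for the winter"
)


def uniform_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols, each chosen independently and uniformly
    from an alphabet of `alphabet_size` symbols: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def zero_order_entropy_per_char(text: str) -> float:
    """Shannon entropy of the single-character frequency distribution of
    `text`, in bits per character. It ignores dependence between neighbouring
    characters, so it is only an upper bound on the true entropy rate; the
    1.3 bits/char figure for English accounts for that context as well."""
    n = len(text)
    counts = Counter(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to find a secret with `bits` bits of entropy by brute
    force: on average half of the 2**bits candidates have to be tried."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def compare(length: int = 8, english_bits_per_char: float = 1.3) -> dict:
    """The three cases from the post, for a secret of `length` characters."""
    return {
        "pin_digits": uniform_entropy_bits(10, length),
        "password_72_chars": uniform_entropy_bits(72, length),
        "english_text": english_bits_per_char * length,
    }


if __name__ == "__main__":
    rate = 1e6  # assumed attacker speed, guesses per second
    for name, bits in compare().items():
        print(f"{name:18s} {bits:5.1f} bits  ~2^{bits:.0f} candidates  "
              f"{expected_crack_seconds(bits, rate):14.1f} s at {rate:.0e}/s")
    h0 = zero_order_entropy_per_char(SAMPLE_TEXT)
    print(f"zero-order estimate for the sample text: {h0:.2f} bits/char "
          f"(nominal log2(27) = {math.log2(27):.2f}, Shannon/Schneier: 1.3)")
```

Note the gap between the zero-order estimate (around 4 bits/char for English) and the 1.3 bits/char quoted in the post: the difference is entirely structure between characters, which is exactly what a dictionary or Markov-based cracker exploits and what a per-character alphabet count cannot see.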

Of course, it’s relatively easy to pick secure passwords if you are careful; one way to raise the bits per character is to consciously draw from the whole character pool rather than from English, using more symbols and avoiding dictionary words. A well chosen password ought to have much more than 1.3 bits/character of entropy.

I don’t have any stats at my fingertips on the entropy/character that results from particular password complexity rules (mixed case, numbers, symbols, non-dictionary, etc.), but I suspect that it should approach PIN-level entropy in even the worst cases, and can obviously go far beyond 3 bits/character if done well. One caveat: complexity rules only help to the extent that the extra characters are unpredictable. A capital letter at the front and a digit or “!” at the end are among the first patterns a cracking tool tries, so they add far less than the larger alphabet suggests.

I’m playing a little loose with the concept of entropy here; there’s really a lot of theory behind this stuff. As usual, the Wikipedia entry on information entropy is excellent, if a bit on the mathematical side.

2 Responses to “Passwords and PINs”

  1. What happens to entropy when using a hashed password with a random salt? Preferably, this should result in less frequent letters appearing in the digested password, and the entropy decreases.

    Just throwing out ideas here…

  2. dispensa says:

    If I understand your suggestion correctly, salt doesn’t change the entropy, and neither does hashing, by itself. You’d still be able to do exactly the same brute-force key search prepending the (supplied) salt. You’ve increased the search time by a constant factor of the hashing time, which may be extremely valuable from a practical perspective, but you haven’t changed the complexity of the attack.

    So, it’s a great idea, but I don’t think it affects the entropy. You can’t create random data with mathematical transformations using only known inputs. You simply have to collect more random data.

    As I write this comment, I am wondering about the distinction between the randomness of the chosen key vs. the size and inherent randomness of the key space. An ideal key space would have a probability distribution function that is flat, with no [higher-order] patterns. That is the problem here. I wonder if there’s a way to untangle the randomness of the chosen key from some notion of the randomness inherent in the key space (i.e. “english words” vs. digits).

    Must read more. :-)
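To make the point in dispensa’s reply concrete, here is an added example that is not part of the original post or its comments. It stores a hypothetical 4-digit PIN as a salted, iterated hash (PBKDF2-HMAC-SHA256 from the Python standard library) and then brute-forces it the way an attacker who has the stored salt would: the number of candidates the attacker must enumerate is 10^4 whatever salt is used, and raising the iteration count multiplies the cost of each guess by a constant without shrinking the search. The PIN, salt and iteration counts are constructed values for illustration.

```python
import hashlib
import itertools
import time

# Hypothetical PIN and a fixed, constructed salt. In a real system the salt is
# random per user, but it is stored next to the hash, so the attacker has it.
DEMO_PIN = "7391"
DEMO_SALT = b"constructed-salt-1"


def hash_pin(pin: str, salt: bytes, iterations: int) -> bytes:
    """Salted, iterated hash of the PIN (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)


def brute_force_pin(digest: bytes, salt: bytes, iterations: int, digits: int = 4):
    """Enumerate every `digits`-digit PIN in order until one matches `digest`.

    Returns (pin, candidates_tried). The search space is 10**digits no matter
    which salt or iteration count was used; those only change the per-guess
    cost, which is the "constant factor" from the comment above."""
    tried = 0
    for cand in itertools.product("0123456789", repeat=digits):
        pin = "".join(cand)
        tried += 1
        if hash_pin(pin, salt, iterations) == digest:
            return pin, tried
    return None, tried


def search_is_salt_independent(pin: str, salts, iterations: int = 1) -> bool:
    """True if the same PIN is recovered after the same number of candidates
    regardless of which salt was used when it was stored."""
    counts = set()
    for salt in salts:
        found, tried = brute_force_pin(hash_pin(pin, salt, iterations), salt, iterations)
        if found != pin:
            return False
        counts.add(tried)
    return len(counts) == 1


if __name__ == "__main__":
    for iters in (1, 100):
        digest = hash_pin(DEMO_PIN, DEMO_SALT, iters)
        t0 = time.perf_counter()
        found, tried = brute_force_pin(digest, DEMO_SALT, iters)
        dt = time.perf_counter() - t0
        print(f"iterations={iters:4d}: recovered {found} after {tried} of 10000 "
              f"candidates in {dt:.2f}s")
    print("same search size for every salt:",
          search_is_salt_independent(DEMO_PIN, [b"a", b"b", DEMO_SALT]))
```

What the salt does buy, as the reply implies, is practical rather than information-theoretic: two users with the same PIN get different digests, and a table of digests precomputed without the salt is useless, so each stored hash has to be attacked separately. The iteration count is the knob that makes each of those separate attacks slower; neither adds a single bit to the 13.3 bits a uniformly chosen 4-digit PIN carries.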
