Talk:Password strength
This is the talk page for discussing improvements to the Password strength article. This is not a forum for general discussion of the subject of the article.
This article is rated C-class on Wikipedia's content assessment scale.
Entropy bits vs. bits of entropy
The section Entropy as a measure of password strength contains the following language:
- It is usual in the computer industry to specify password strength in terms of information entropy, which is measured in shannon (Sh) and is a concept from information theory. It can be regarded as the minimum number of bits necessary to hold the information in a password of a given type. Instead of the number of guesses needed to find the password with certainty, the base-2 logarithm of that number is given, which is commonly referred to as the number of "entropy bits" in a password, though this is not the same quantity as information entropy.
Later in the article, we discuss "bits of entropy" without defining the term. These are just two different phrases denoting the same thing, right? It would be helpful to be consistent, or at least provide a definition of "bits of entropy" before using it.
Comments? Mr. Swordfish (talk) 21:00, 17 September 2023 (UTC)
Wiki Education assignment: Cybersecurity Policy
This article was the subject of a Wiki Education Foundation-supported course assignment, between 8 January 2024 and 30 April 2024. Further details are available on the course page. Student editor(s): RKM757 (article contribs). Peer reviewers: Smallick84.
— Assignment last updated by MrLavoie (talk) 00:46, 20 February 2024 (UTC)
Addition of NCSC Password Guidelines Section
Hi all,
I have added a new subsection under the "Password guidelines" area, following the "NIST Guidelines" section. The new section summarises the UK National Cyber Security Centre (NCSC) guidance on using the "Three Random Words" strategy for password creation.
The update highlights:
- The focus on usability and memorability in modern password practices.
- How three random words improve password length and user recall.
- The psychological reasoning behind the approach (relating to natural human memory patterns).
Sources include the official NCSC website
Calculations
For example, I can count it as "H = L * Log(N) / Log (2)" (or simply "l*log(n)/log(2)"), where H is password strength, N is the number of possible symbols and L is the number of symbols in the password.
As such, there is a simple Python program to calculate all possible password strengths:
from math import *
n = int(input("n = "))
l = int(input("l = "))
print(l*log(n)/log(2))
And surprisingly, your password strength calculations are correct. 15.761395402992038 for "All printable symbols in the Basic Multilingual Plane" and 17.191145986511568 for "All printable Unicode symbols, as of version 16.0". --95.167.183.172 (talk) 15:06, 25 July 2025 (UTC)
If we need to calculate H for 1 symbol, we can shrink it:
from math import *
n = int(input("n = "))
print(1*log(n)/log(2))
General-purpose - extra-short:
from math import *;print(log(int(input("n=")))*int(input("l="))/log(2))
For 1 symbol - extra-short:
from math import *;print(log(int(input("n=")))*1/log(2))
That's a second convenient variant of the program to use, if you don't want to press Enter 2 times. Can I shrink it further? --95.167.183.172 (talk) 16:41, 25 July 2025 (UTC)
The absolute shortest (64 bytes total, 56 bytes code) I could do is:
from math import*;print(log2(int(input("n=")))*int(input("l=")))
And for l=1 (47 bytes total, 43 bytes code):
from math import*;print(log2(int(input("n="))))
--95.167.183.172 (talk) 17:52, 25 July 2025 (UTC)
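Added example, not part of any editor's post above: it puts the H = L * log2(N) formula from this thread next to the distinction quoted in "Entropy bits vs. bits of entropy", showing that the two quantities agree only when every password is equally likely. The function names and the four-password sample distributions are constructed for illustration.

```python
import math

def uniform_bits(n_symbols, length):
    """H = L * log2(N): L symbols drawn uniformly and independently from N."""
    if n_symbols < 1 or length < 0:
        raise ValueError("need n_symbols >= 1 and length >= 0")
    return length * math.log2(n_symbols)

def guess_space_bits(distribution):
    """Base-2 log of the number of candidates an exhaustive search must cover
    (the "entropy bits" figure in the quoted article text)."""
    return math.log2(len(distribution))

def shannon_bits(distribution):
    """Shannon entropy, -sum(p * log2(p)), over whole passwords."""
    if not math.isclose(sum(distribution.values()), 1.0):
        raise ValueError("probabilities must sum to 1")
    return -sum(p * math.log2(p) for p in distribution.values() if p > 0)

def expected_guesses(distribution):
    """Average number of guesses when candidates are tried most-likely-first."""
    ranked = sorted(distribution.values(), reverse=True)
    return sum(rank * p for rank, p in enumerate(ranked, start=1))

# Constructed sample: every 2-character password over the alphabet {a, b},
# so N = 2 and L = 2. UNIFORM models a random generator, SKEWED models
# users who favour one choice.
UNIFORM = {"aa": 0.25, "ab": 0.25, "ba": 0.25, "bb": 0.25}
SKEWED = {"aa": 0.5, "ab": 0.25, "ba": 0.125, "bb": 0.125}

if __name__ == "__main__":
    print("formula L*log2(N):", uniform_bits(2, 2))
    for name, dist in (("uniform", UNIFORM), ("skewed", SKEWED)):
        print(name,
              "| log2(guess space):", guess_space_bits(dist),
              "| Shannon bits:", shannon_bits(dist),
              "| expected guesses:", expected_guesses(dist))
```

For the skewed sample the guess space is still 2 bits, but the Shannon entropy and the average guessing effort are both lower, which is why the L * log2(N) figure only describes randomly generated passwords.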



