rmmh/abbrase

Is the entropy quite as fixed as suggested?

Closed this issue · 1 comment

I've been playing around. I don't know if the following matters as the probability of each abbr is still 2^-10. I think it only matters if part of the password is revealed so it's not too important but just thought I'd bring it up.

If I know that the password contains a 'z' I also know that the 'z' must be in positions 2,5,8,11… of the password (and also actually that the whole abbr is 'siz').

If I know that the password contains 'f' there is a 68% chance that 'f' is in initial positions (0,3,6,9…) of the abbrase.

There is a 49% chance that the middle letters (1,4,7…) are vowels. The middle letter cannot be a 'j'.

Second column (Initial): probability that characters 0,3,6… are a,b,c,d…

Last 3 columns of table: given that you know that the password contains an 'a',
what is the probability that it is in an initial, middle or final position.

| Letter | Initial | Middle | Final | init | mid | fin |
|---|---|---|---|---|---|---|
| a | 9.08% | 14.36% | 6.35% | 30.5% | 48.2% | 21.3% |
| b | 5.47% | 1.27% | 1.86% | 63.6% | 14.8% | 21.6% |
| c | 5.47% | 1.76% | 4.98% | 44.8% | 14.4% | 40.8% |
| d | 5.86% | 1.27% | 3.91% | 53.1% | 11.5% | 35.4% |
| e | 5.86% | 14.26% | 7.13% | 21.5% | 52.3% | 26.2% |
| f | 4.88% | 0.59% | 1.76% | 67.6% | 8.1% | 24.3% |
| g | 3.22% | 0.68% | 3.61% | 42.9% | 9.1% | 48.1% |
| h | 3.81% | 3.03% | 1.07% | 48.1% | 38.3% | 13.6% |
| i | 3.03% | 12.50% | 8.30% | 12.7% | 52.5% | 34.8% |
| j | 0.78% | 0.00% | 0.59% | 57.1% | 0.0% | 42.9% |
| k | 0.78% | 0.29% | 0.78% | 42.1% | 15.8% | 42.1% |
| l | 4.88% | 4.39% | 6.35% | 31.3% | 28.1% | 40.6% |
| m | 4.79% | 1.95% | 3.91% | 45.0% | 18.3% | 36.7% |
| n | 3.32% | 6.05% | 6.84% | 20.5% | 37.3% | 42.2% |
| o | 3.03% | 14.75% | 5.96% | 12.8% | 62.1% | 25.1% |
| p | 5.37% | 1.66% | 3.13% | 52.9% | 16.3% | 30.8% |
| q | 0.39% | 0.20% | 0.49% | 36.4% | 18.2% | 45.5% |
| r | 4.69% | 5.66% | 7.52% | 26.2% | 31.7% | 42.1% |
| s | 10.35% | 1.76% | 6.25% | 56.4% | 9.6% | 34.0% |
| t | 5.86% | 1.76% | 7.13% | 39.7% | 11.9% | 48.3% |
| u | 2.44% | 8.01% | 4.30% | 16.6% | 54.3% | 29.1% |
| v | 2.44% | 0.78% | 2.83% | 40.3% | 12.9% | 46.8% |
| w | 3.52% | 1.07% | 1.56% | 57.1% | 17.5% | 25.4% |
| x | 0.00% | 0.88% | 0.98% | 0.0% | 47.4% | 52.6% |
| y | 0.68% | 1.07% | 2.34% | 16.7% | 26.2% | 57.1% |
| z | 0.00% | 0.00% | 0.10% | 0.0% | 0.0% | 100.0% |

Also the first 2 letters of the prefix are skewed:

| Pair | Num Prefixes |
|---|---|
| re- | 17 |
| un- | 16 |
| co- | 15 |
| de- | 15 |
| se- | 15 |
| in- | 14 |
| li- | 14 |
| ma- | 14 |

So if I'm missing just one abbr then I can make a poor guess that it's likely to be rea, reb, rec, red, ref, reg, rei, rej, rel, rem, ren, rep, req, res, ret, rev, or rew, even though the most likely initial letters are 's' (10%) or 'a' (9%). Actually scratch that as things are not mutually independent.

Not actually a cause for concern, just a note really.

rmmh commented

Good to note, but most passwords with good mnemonics don't have independently distributed characters.
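The per-position figures tabulated in the issue above can be recomputed for any abbreviation list, along with how many bits of one abbr's entropy are lost once a letter in it is known. This is an added example, not code from the abbrase project or from either participant; `SAMPLE_ABBRS` is a constructed eight-entry list standing in for the real 1024-entry list, and all function names are hypothetical.

```python
import math
from collections import Counter

# Constructed sample list (assumption): stands in for the real 1024-entry abbr list.
SAMPLE_ABBRS = ["siz", "rea", "red", "unf", "cof", "fal", "sea", "lif"]


def position_table(abbrs):
    """Per letter: share of abbrs with it at each position (the Initial/Middle/Final
    columns) and P(position | letter occurs) (the init/mid/fin columns)."""
    n = len(abbrs)
    counts = [Counter(a[i] for a in abbrs) for i in range(3)]
    table = {}
    for letter in sorted(set("".join(abbrs))):
        per_pos = [counts[i][letter] for i in range(3)]
        total = sum(per_pos)
        table[letter] = {
            "share": [c / n for c in per_pos],
            "given_letter": [c / total for c in per_pos],
        }
    return table


def leak_bits(abbrs, letter):
    """Bits of the log2(len(abbrs)) per-abbr entropy lost when it is known that
    an abbr contains `letter`; also returns the abbrs that remain possible."""
    remaining = [a for a in abbrs if letter in a]
    if not remaining:
        raise ValueError(f"no abbr contains {letter!r}")
    return math.log2(len(abbrs) / len(remaining)), remaining


def position_entropy(abbrs):
    """Shannon entropy (bits) of the letter distribution at each of the 3 positions;
    a uniform choice over 26 letters would give log2(26), about 4.70 bits."""
    n = len(abbrs)
    result = []
    for i in range(3):
        freq = Counter(a[i] for a in abbrs)
        result.append(-sum(c / n * math.log2(c / n) for c in freq.values()))
    return result


if __name__ == "__main__":
    for letter, row in position_table(SAMPLE_ABBRS).items():
        cells = "  ".join(f"{p:6.1%}" for p in row["share"] + row["given_letter"])
        print(letter, cells)
    for letter in "zf":
        bits, remaining = leak_bits(SAMPLE_ABBRS, letter)
        print(f"knowing {letter!r}: {bits:.2f} bits lost, candidates {remaining}")
    print("per-position entropy:", [round(h, 2) for h in position_entropy(SAMPLE_ABBRS)])
```

On the sample list, learning that an abbr contains 'z' removes all 3 bits of that abbr (only `siz` remains), which mirrors the 'z' row of the table above.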