Re: passphrases with more than 160 bits of entropy

```Matt Crawford wrote:

```
I so often get irritated when non-physicists discuss entropy. The word is almost always misused.
```
Yes, the term "entropy" is often misused ... and we have seen some
do not have a monopoly on correct usage.  Claude S was not a physicist,
yet he definitely knew what he was talking about.  Conversely, I know
more than a few card-carrying physicists who have no real feel for what
entropy is.

```
I looked at Shannon's definition and it is fine, from a physics point of view.
```
Indeed.

```
But if you apply thoughtfully to a single fixed sequence, you correctly get the answer zero.
```
I agree with all that, except for the "But".  Shannon well knew that
the entropy was zero in such a situation.

```
If your sequence is defined to be { 0, 1, 2, ..., 255 }, the probability of getting that sequence is 1 and of any other sequence, 0. Plug it in.
```
Indeed.

```
If you have a generator of 8-bit random numbers and every sample is independent and uniformly distributed, and you ran this for a gazillion iterations and wrote to the list one day saying the special sequence { 0, 1, 2, ..., 255 } had appeared in the output, that's a different story. But still, we would talk about the entropy of your generator, not of one particular sequence of outputs.
```
Yes.  Shannon called it the "source entropy", i.e. the entropy of
the source, i.e. the entropy of the generator.

Perry Metzger wrote:

```
```Usually, the best you can do is produce (bad) bounds, and sometimes
not even that.
```
```
Huh?  What's your metric for "usually"?  I'll agree as a matter of
principle that whatever you're doing, you can always do it wrong.
But that doesn't prevent me from doing it right.  I can use physics
to produce good bounds, that is,
http://www.av8n.com/turbid/

=======================

The problem posed by the OP is trivial, and good solutions have already
been posted.  To recap: SHA-512 exists, and if that isn't good enough,
you can concatenate the output of several different one-way functions.
You can create new hash functions at the drop of a hat by prepending
something (a counter suffices) to the input to the hash.

Example:  result = hash(1 || pw)  ||  hash(2 || pw)  ||  hash(3 || pw)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
```