Comments on: About 33 Bits

By: Arvind

Arvind — Fri, 12 Feb 2010 05:15:00 +0000

No, I’m not implying that. Entropy is simply a mathematical construct that describes how much information there is to be gained from a piece of data. It says nothing about how easy it is to find data about a person. The fact that is is easy to find auxiliary sources of data in order to determine someone’s identity is an empirical observation.

“Also there might only be 6billion humans on this earth but it doesn’t mean we can’t have 6000billion identities, right?”

That is true; however –

1. unless you make sure your behavior under each identity is completely independent of the others, your various identities can still be tied to each other.

2. the effort needed to create even a single believable alternate virtual identity is too high for most people to bother with.

3. going from 6 billion to 6000 billion identities only increases the entropy requirement from 33 to 43 bits, which is a negligible increase!

By: anonymouscat

anonymouscat — Fri, 12 Feb 2010 03:32:10 +0000

Arvind Sahib,
when you say that you only require 33 bits of information and that my hometown contributes 16 or so bits, you are implying that getting more of the relevant bits is as easy as finding my hometown. Also there might only be 6billion humans on this earth but it doesn’t mean we can’t have 6000billion identities, right?

By: Lars

Lars — Mon, 23 Nov 2009 09:37:28 +0000

You probably should mention that it is 32.6 distinguished bytes of data. Although this should be clear to anybody ever having heard the term ‘entropy’ in the computer science context, comments above show that this is not the case for all of your readers.

The actual truth is, that you need only 33 bits to encode an unique identity for every person. Needing only 33 bits to identify everyone sounds freakish alarming (considering that my name above in ASCII already takes up 32 bits. But it could be a little more clear, that you need very special 33 bits.

Having said that, I envy you for having had the idea for that title, instead of me that is.

By: Arvind

Arvind — Sun, 09 Aug 2009 21:44:42 +0000

Thanks for your comment. This thread is too getting deep, I’ve replied to you below.

By: Arvind

Arvind — Sun, 09 Aug 2009 21:43:43 +0000

John, It would indeed be good to have such a script; at the same time, I think limiting the rate at which an attacker can guess passwords has a far greater effect on password security than making the user choose stronger passwords. The entropy of a password is only vaguely defined. It can only be measured relative to the algorithm that the attacker is going to use, which of course is unknown. I have a paper on password cracking, which might help explain what I'm talking about.

By: John

John — Sun, 09 Aug 2009 21:32:12 +0000

Great work, very interesting Arvind.

Somewhat unrelated, but I’m hoping someone comes up with a “password meter” that shows actual bits of entropy.

As you are no doubt aware, many folks choose, um, poorly.

http://www.webresourcesdepot.com/10-password-strength-meter-scripts-for-a-better-registration-interface/ has varying levels; some are graphically great, but some call back to servers for parts of their functionality.

I question the algorithms that are used to determine effectiveness; I’m imagining things like the old Pgp versions that used to show a calculated entropy in bits (now you know how I found your site!) in real time, as you typed what you hoped was a good pass phrase.

Thanks, John

By: Arvind

Arvind — Sun, 24 May 2009 01:24:44 +0000

Relax, she didn’t say she was a computer scientist. It is perfectly reasonable for a non-CS/math/physics person not to be able to figure out entropy without any explanation.

By: george

george — Thu, 21 May 2009 09:20:41 +0000

I can’t believe that a doctoral student just asked about “the math” behind this. You don’t even need to know about log2 in order to figure this out.

1 bit can hold two values
2 bits can hold four values
how many bits do you need to hold 6 billion values?

One can just start entering powers of 2 in his calculator until his reaches that sum!.

I`m sorry if I come across as bashing but I’m genuinely freaked out.

By: Arvind

Arvind — Fri, 27 Mar 2009 18:19:20 +0000

It's the logarithm of the world human population. Please see the definition of entropy. A quantity that has N possible values has an entropy of at most log_2(N) bits, by definition.

By: Dianne Bltistein Solomon

Dianne Bltistein Solomon — Fri, 27 Mar 2009 18:03:02 +0000

Hi.. I’m a doctoral student at Nova Southeastern Universtiy working on privacy and ecommerce. Just found your blog. What’s the math behind the 32.6 bits?