What is Entropy?
A measure of randomness or unpredictability in data, particularly important in cryptography for generating secure keys and passwords.
In cryptography, entropy measures how unpredictable a value is. Higher entropy means harder to guess.
Password Entropy
- Entropy is measured in bits
- Each bit doubles the number of possibilities
- A truly random 8-character lowercase password: ~37 bits of entropy
- A random 4-word passphrase from a 7,776-word list: ~51 bits
- AES-256 key: 256 bits of entropy
Why It Matters
- A password with 40 bits of entropy can be cracked in seconds
- A password with 80 bits of entropy would take billions of years
- No matter how strong the algorithm, encryption is only as strong as the entropy of its key
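The figures in the two lists above follow from one formula: a uniformly random string of length n drawn from an alphabet of k symbols has n * log2(k) bits of entropy, and an attacker who can make g guesses per second needs, on average, 2^(bits-1) / g seconds. The following Python is an added example (not part of the original glossary page) that carries that arithmetic through for the page's own cases; the guess rate passed to expected_crack_seconds is an assumption you supply, since real cracking speed depends on the hash or cipher and the attacker's hardware.

```python
import math

# Alphabet sizes for common character classes (constructed reference table).
CHARSET_SIZES = {
    "lowercase": 26,
    "lowercase+digits": 36,
    "mixed_case+digits": 62,
    "printable_ascii": 95,
    "diceware_words": 7776,   # the 7,776-word list mentioned on the page
}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string: length * log2(alphabet_size).

    Only valid when every symbol is chosen independently and uniformly;
    a human-chosen password has far less entropy than this formula gives.
    """
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float) -> float:
    """On average the secret is found halfway through the keyspace: 2**(bits-1)."""
    return 2.0 ** (bits - 1)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Average time to guess a secret of the given entropy at an assumed guess rate."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return expected_guesses(bits) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest convenient unit, for reporting."""
    year = 365.25 * 24 * 3600
    if seconds >= year:
        return f"{seconds / year:,.0f} years"
    if seconds >= 3600:
        return f"{seconds / 3600:,.1f} hours"
    return f"{seconds:,.2f} seconds"


if __name__ == "__main__":
    # Reproduce the page's three headline numbers.
    print(f"8 lowercase chars : {entropy_bits(26, 8):.1f} bits")        # ~37.6
    print(f"4 diceware words  : {entropy_bits(7776, 4):.1f} bits")      # ~51.7
    print(f"AES-256 key       : {entropy_bits(2, 256):.0f} bits")       # 256
    # Assumed guess rate (hypothetical): 1e12 guesses/s for a fast unsalted hash.
    rate = 1e12
    for bits in (40, 80, 128):
        print(f"{bits} bits at {rate:.0e} g/s -> {human_duration(expected_crack_seconds(bits, rate))}")
```

The point the table makes concrete is that each extra bit doubles the attacker's work, so doubling password length roughly squares the keyspace rather than doubling it. Try a few rates: the ordering between 40-bit and 80-bit secrets never changes, only the absolute scale.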
Sources of Entropy
- Good: Hardware random number generators, mouse movements, disk timing
- Bad: Current time, process ID, sequential numbers
- Critical: Never use predictable sources for cryptographic randomness
The /dev/urandom Debate
On Linux, /dev/urandom is suitable for all cryptographic purposes once the kernel's entropy pool has been seeded at boot (the getrandom(2) system call blocks until that point, which is why modern libraries prefer it). The old advice to use /dev/random instead is outdated.
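In practice you rarely read /dev/urandom yourself; a language's cryptographic RNG does it for you. Python's secrets module is backed by os.urandom, which on Linux uses getrandom(2) or /dev/urandom, so it is the right tool for the good sources listed above, while the general-purpose random module seeded with a timestamp is exactly the bad source the page warns about. The code below is an added example (not from the original page): it generates a password, a passphrase and a 256-bit key from the OS CSPRNG, and shows that a timestamp-seeded generator is reproducible by anyone who knows the seed. The eight-word WORDS list is a constructed stand-in for a real 7,776-word list.

```python
import math
import random
import secrets
import string
import time

# Constructed stand-in for a diceware-style word list (assumption: a real
# deployment would load the full 7,776-word list from a file).
WORDS = ["correct", "horse", "battery", "staple", "apple", "river", "candle", "forest"]


def random_password(length: int, alphabet: str = string.ascii_lowercase) -> str:
    """Each character is drawn with secrets.choice, i.e. from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be >= 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words: int, wordlist=WORDS, sep: str = " ") -> str:
    """Words are chosen independently and uniformly, so entropy is n * log2(len(wordlist))."""
    if n_words < 1:
        raise ValueError("n_words must be >= 1")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def random_key(n_bytes: int = 32) -> bytes:
    """A raw symmetric key; 32 bytes gives the 256 bits an AES-256 key needs."""
    return secrets.token_bytes(n_bytes)


def entropy_of(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a string produced by the two generators above."""
    return length * math.log2(alphabet_size)


def predictable_password(length: int, seed: int,
                         alphabet: str = string.ascii_lowercase) -> str:
    """Bad practice, shown for contrast: random.Random is a deterministic PRNG,
    so anyone who knows (or can narrow down) the seed reproduces the output."""
    rng = random.Random(seed)
    return "".join(rng.choice(alphabet) for _ in range(length))


def timestamp_seed_is_reproducible(length: int = 12) -> bool:
    """Seeding with the current second, as the 'Bad' list warns against,
    yields the same password every time the same second is used as seed."""
    seed = int(time.time())
    return predictable_password(length, seed) == predictable_password(length, seed)


if __name__ == "__main__":
    print("password  :", random_password(16, string.ascii_letters + string.digits),
          f"({entropy_of(62, 16):.1f} bits)")
    print("passphrase:", random_passphrase(4), f"({entropy_of(len(WORDS), 4):.1f} bits)")
    print("key (hex) :", random_key().hex(), "(256 bits)")
    print("timestamp-seeded generator reproducible:", timestamp_seed_is_reproducible())
```

Note that the entropy figure reported for the passphrase is honest only about the list actually used: with the eight-word stand-in it is 4 * log2(8) = 12 bits, nowhere near the ~51 bits the page quotes for a 7,776-word list.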
Related Terms
Brute Force Attack
A trial-and-error method of cracking passwords or encryption by systematically trying every possible combination until the correct one is found. While simple in concept, brute force becomes impractical against sufficiently long, random secrets.
Nonce
A 'number used once'—a random or sequential value that ensures cryptographic operations produce unique results even with the same key. Nonces prevent replay attacks and are critical for secure encryption modes.
Passphrase
A sequence of words used as a password, typically longer and more memorable than traditional passwords. Passphrases like 'correct horse battery staple' provide strong security while being easier to remember than random character strings.