
I'm trying to find out how much entropy word separators add to a passphrase. Let's say the word list from which we generate our passphrase is 1000 words. If we add a space as the word separator, how much does the entropy change? What if we add 2@f as separators?

Let's say the character set of any separator is all ASCII characters, so $95$.

A 4-word passphrase taken from a list of 1000 words would have $1000^4$ possible permutations. (For example: thatrebornmargaritasloping)

Would a 4-word passphrase with a space (' ') as word separator then have $(1000 + 95)^4$ permutations? (For example: that reborn margarita sloping)

Alternatively, what about with 2@f? (For example: that 2@f reborn 2@f margarita 2@f sloping)

Intuitively, when I change from just words to words + space, the number of permutations doubles. But when I try this out, the word-only entropy is $85$ bits and with space it goes up to $102$ bits. I assume this entropy calculator is wrong because $\log_2(1000) = 9.965$ bits, so 4-word entropy is about $40$, not $85$. But regardless of this, how much is the separator changing the number of combinations?

  • It looks like this isn't really a math question, but an information security question. The "entropy" (using this word loosely) of a password is entirely determined by how it is chosen and not what its contents are. The procedure you are describing (simply adding extra characters between predetermined words) doesn't change the "entropy" of the password -- it would be just as easy to guess as the password without separators by someone aware of the procedure. It's also not clear what you mean by "combinations" here, since the usual mathematical meaning does not apply with more information. – Brian61354270 Jan 19 '20 at 22:51
  • To brute-force a 4-word passphrase from a 1000-word list, there are 1000^4 combinations; I mean those are all the possible password combinations. How many more combinations will there be if we add word separators like space or 4$3 or //@ (the charset of these separators is 95)? Let's just say we know the separator is one character (from a 95-character set) and it's always at the end of a word, acting as a space. – oatmealisgood Jan 19 '20 at 23:24

1 Answer


Strictly speaking about the number of permutations (not combinations), you would have $95\cdot 1000^4$ possible passwords using your example scheme.

It doesn't matter where you put the "separator" character in your passwords; all you're doing is picking one more symbol out of a pool of $95$. Repeating this character multiple times as "spaces" in the password is essentially pointless. The only effect it has is reducing the "density of entropy" in the password and making it harder to type. You would do far better by, for example, just adding one more word. You may wish to consult Information Security Stack Exchange for more information about password security (such as this question on password creation strategies).

  • Let me see if I understand this correctly: you mean if I add a one-character separator I will increase the permutations from 1000^4 to 95000^4? That is 81,45 million times higher. That is more than a 6 word passphrase. – oatmealisgood Jan 20 '20 at 03:41
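The counting in the answer above, as an added example that is not part of the original thread: it computes the keyspace for each separator scheme when the guesser knows the scheme, and checks the formula by exhaustive enumeration on a small constructed word list. The `per_gap` case (a fresh random separator in every gap) and multi-character separators go beyond what the answer covers; all function names and sample words are assumptions made for illustration.

```python
import math
from itertools import product

def keyspace(n_words, k, sep_alphabet=1, sep_len=0, per_gap=False):
    """Count equally likely passphrases, assuming the guesser knows the scheme.
    sep_alphabet=1 models a fixed, known separator (contributes nothing)."""
    draws = (k - 1) if per_gap else 1   # number of independent separator picks
    return n_words ** k * sep_alphabet ** (sep_len * draws)

def bits(count):
    return math.log2(count)

def enumerate_scheme(words, k, seps, per_gap=False):
    """Brute-force every passphrase the scheme can emit; return the distinct set."""
    gaps = k - 1
    if per_gap:
        sep_draws = product(seps, repeat=gaps)       # new separator in each gap
    else:
        sep_draws = ((s,) * gaps for s in seps)      # one pick, repeated
    out = set()
    for draw in sep_draws:
        for chosen in product(words, repeat=k):
            parts = [chosen[0]]
            for sep, word in zip(draw, chosen[1:]):
                parts += [sep, word]
            out.add("".join(parts))
    return out

# Constructed sample data: equal-length letter-only words and non-letter
# separators, so every passphrase parses unambiguously.
SAMPLE_WORDS = ["that", "rebo", "marg", "slop"]
SAMPLE_SEPS = [" ", "-", "_"]

if __name__ == "__main__":
    schemes = [
        ("4 words, no separator",                keyspace(1000, 4)),
        ("4 words, fixed known space",           keyspace(1000, 4, 1, 1)),
        ("4 words, 1 random char, repeated",     keyspace(1000, 4, 95, 1)),
        ("4 words, 3 random chars, repeated",    keyspace(1000, 4, 95, 3)),
        ("4 words, 1 random char in each gap",   keyspace(1000, 4, 95, 1, True)),
        ("5 words, no separator",                keyspace(1000, 5)),
    ]
    for label, count in schemes:
        print(f"{label:38s} {bits(count):6.2f} bits")
```

A single random separator character adds $\log_2 95 \approx 6.57$ bits regardless of how many times it is repeated, while a fifth word adds $\log_2 1000 \approx 9.97$ bits.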