Entropy is hidden information

Entropy is hidden information. It is impractical to guess, and it appears unrelated to any leaked information.

Take, for instance, a Diffie-Hellman key exchange: the public keys are known, but the private keys are not. The two are mathematically related, but the relationship is impractical to reverse (a common trope in cryptography). Likewise, you should not be able to recover the inputs (the pre-image) to a strong cryptographic hash function from its output digest.
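
As a rough illustration, here is a minimal finite-field Diffie-Hellman sketch in Python. The prime `p` and generator `g` are toy values chosen for readability, far too small for real deployments (which use vetted 2048-bit+ groups or curves like X25519):

```python
import secrets

p = 2**127 - 1  # a Mersenne prime -- far too small for real security
g = 5           # toy generator for demonstration only

a = secrets.randbelow(p - 2) + 2  # Alice's private key: the hidden information
b = secrets.randbelow(p - 2) + 2  # Bob's private key: the hidden information

A = pow(g, a, p)  # Alice's public key: safe to publish
B = pow(g, b, p)  # Bob's public key: safe to publish

# Each side raises the other's public key to its own private exponent.
# Recovering a or b from A or B is the discrete logarithm problem.
shared_alice = pow(B, a, p)
shared_bob = pow(A, b, p)
assert shared_alice == shared_bob  # same secret, never sent on the wire
```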

The phrase "bits of entropy" measures how much brute-force effort must be applied, on a classical computer, to determine the secret value given all existing information.
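
As a back-of-the-envelope sketch: a secret drawn uniformly from N equally likely possibilities has log2(N) bits of entropy, and an attacker needs about 2^(n-1) guesses on average to find an n-bit secret. The passphrase figure below assumes the standard 7,776-word Diceware list:

```python
import math

# Entropy of a uniformly random choice from N possibilities is log2(N).
def bits_of_entropy(possibilities: int) -> float:
    return math.log2(possibilities)

print(bits_of_entropy(2**256))   # 256.0 -- a random 256-bit key
print(bits_of_entropy(7776**4))  # ~51.7 -- four random Diceware words
print(bits_of_entropy(2))        # 1.0  -- a single coin flip
```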

If I told you my favorite color is "Yellow", it is now known information, and anything related to me that uses "Yellow" as a secret is now less secure. If my password were "YellowFlowers", how difficult would a dictionary attack with "Yellow" as a prefix or suffix be? Not difficult at all: on consumer hardware it can be done in under three minutes against PBKDF2.
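
Here is a minimal sketch of that attack, assuming PBKDF2-HMAC-SHA256 and a hypothetical leaked salt and hash. The wordlist, salt, and iteration count are all illustrative stand-ins:

```python
import hashlib

# Hypothetical leaked (salt, hash) pair; computed here for demonstration.
salt = b"example-salt"
target = hashlib.pbkdf2_hmac("sha256", b"YellowFlowers", salt, 100_000)

# With "Yellow" known, only the suffix/prefix space remains to search.
wordlist = ["123", "Flowers", "Password", "2024", "Roses"]  # abbreviated
for word in wordlist:
    for candidate in ("Yellow" + word, word + "Yellow"):
        guess = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, 100_000)
        if guess == target:
            print("cracked:", candidate)
```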

Consider "what if I hash it first?", which gives you a string like e4f2f9eb7df68ded167cbae6211c1b6d4c8ea189e659684ec3e4433cabc996f8. It is 256 bits long! Just because it is that long does not mean it has 256 bits of entropy. Transformations of secret data do not increase its entropy. They might add computational difficulty, but with computing hardware and data centers growing in capability every year, artificial computational difficulty is not going to scale.
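
To see why, consider this sketch: the attacker never needs to reverse the hash, only to hash the same small candidate space and compare digests. The six-color list is a hypothetical example of a low-entropy pre-image space:

```python
import hashlib

digest = hashlib.sha256(b"Yellow").hexdigest()  # 256 bits long...

# ...but if the pre-image came from a small set, the search stays small.
colors = ["Red", "Orange", "Yellow", "Green", "Blue", "Purple"]
for color in colors:
    if hashlib.sha256(color.encode()).hexdigest() == digest:
        print("pre-image found:", color)  # ~2.6 bits of entropy, not 256
```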

This is also why timing attacks matter. Any side channel that reveals secret information reduces the entropy of that secret from the attacker's perspective.
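
One classic example is an early-exit comparison, which leaks how many leading bytes of a guess were correct. A minimal sketch of the leak and its standard fix, Python's constant-time hmac.compare_digest:

```python
import hmac

def leaky_equal(a: bytes, b: bytes) -> bool:
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:        # returns sooner the earlier the mismatch --
            return False  # timing reveals how many leading bytes matched
    return True

def safe_equal(a: bytes, b: bytes) -> bool:
    return hmac.compare_digest(a, b)  # takes the same time either way
```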