FF-pwgen:Entropy

The app shows you the "entropy" of a password. How does this correlate with password strength?

Well, the assumption is this: if you have a password with an entropy of 40 bits, those bits were chosen randomly, so an attacker has to search the whole key space (40 bits here, i.e. 2^40 possibilities) to find a matching phrase (assuming the hash algorithm used does not produce collisions very often). So the more entropy your password has, the more possibilities must be checked to find a matching phrase.

What you need to know is that the formula used to compute this value is based on the alphabet of all characters available to build the password, where each character has the same probability of occurring in the password (note: this only holds true if you use paranoid mode).

The app uses the currently set entropy mode, which is high (+++) by default. This can yield a higher displayed entropy than you really have if you have entered your own password. Human-created passwords are at best ++ (all letters + 0-9), i.e. an alphabet of around 50 - 60 characters to choose from.
So if you check a human-generated password, be sure to set the correct entropy level in the app to get a reasonable result. Even then, human passwords tend to be real words, because that makes them easier to memorize. This is the sole reason why dictionary attacks are so successful: they simply try a dictionary of existing words, apply some permutation (e.g. append a number) and calculate the hash for each candidate. You would be surprised how well this generally works.

Hint:
You can choose the entropy level "user" and then select digits, mixed letter case if the password contains mixed letters, and either small or big letters otherwise. This makes the alphabet smaller and lowers the number of entropy bits the app uses in the computation.

To give you a better overview of your current passwords, the compute view has a special landscape view that was created to check human-generated passwords (just enter the password in portrait mode and then turn your device to landscape). If you enable the switch at the bottom, a special algorithm is used to calculate the entropy of human passwords. It yields a far lower entropy value, but it is more accurate, because human-generated passwords are prone to dictionary attacks and violate the basic assumption that every character of the passphrase is randomly chosen.

The algorithm works as follows:

o the first char has an entropy of 4 bits
o chars 2-8 have an entropy of 2 bits each
o chars 9-20 have an entropy of 1.5 bits each
o chars > 20 have an entropy of 1 bit each
o +5 bits of entropy are added if different cases are used
o +5 bits of entropy are added if special chars are used
o +4 bits of entropy are added if numeric digits (0-9) are used
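As an added illustration (not the app's own code), here is a Python implementation of the two entropy calculations described above: the uniform-alphabet formula (length times log2 of the alphabet size) and the human-password heuristic just listed. It assumes that "different cases" means both upper- and lower-case letters are present and that "special chars" are ASCII punctuation characters; both are assumptions, not statements from the app.

```python
import math
import string

# Added example, not the app's own code. Assumptions: "different cases" means
# both upper- and lower-case letters are present; "special chars" means any
# ASCII punctuation character.


def uniform_entropy_bits(password: str, alphabet_size: int) -> float:
    """Entropy in bits if every character was drawn uniformly at random from
    an alphabet of alphabet_size symbols: log2(alphabet_size ** len(password)).
    It depends only on length and alphabet, not on the characters actually
    used, so "eeeee" scores the same as "3K($q"."""
    return len(password) * math.log2(alphabet_size)


def human_entropy_bits(password: str) -> float:
    """The app's heuristic for human-chosen passwords (positions are 1-based):
    4 bits for char 1, 2 bits each for chars 2-8, 1.5 bits each for chars
    9-20, 1 bit each beyond 20, plus +5 for mixed case, +5 for special
    characters and +4 for digits."""
    bits = 0.0
    for pos in range(1, len(password) + 1):
        if pos == 1:
            bits += 4.0
        elif pos <= 8:
            bits += 2.0
        elif pos <= 20:
            bits += 1.5
        else:
            bits += 1.0
    if any(c.islower() for c in password) and any(c.isupper() for c in password):
        bits += 5.0  # assumption: bonus requires both cases to be present
    if any(c in string.punctuation for c in password):
        bits += 5.0  # assumption: special = ASCII punctuation
    if any(c.isdigit() for c in password):
        bits += 4.0
    return bits


def strength_percent(bits: float) -> float:
    """The app's scale: 128 bits count as 100 %, capped at 100."""
    return min(100.0, bits / 128.0 * 100.0)


if __name__ == "__main__":
    # Constructed sample passwords for illustration only.
    for pw in ["password1", "Tr0ub4dor&3", "correcthorsebatterystaple"]:
        print(pw, round(uniform_entropy_bits(pw, 62), 1),
              human_entropy_bits(pw), strength_percent(human_entropy_bits(pw)))
```

The 62-symbol alphabet in the demo corresponds to the "++" level (all letters + 0-9); compare the two columns to see how far the human heuristic falls below the uniform figure for a dictionary word with a digit appended.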

What does the app consider "good" entropy?

The app uses 128 bits as 100%, which is very hard to reach if you must enter the password manually somewhere. A password generated in paranoid mode that yields 128 bits should be considered very strong. However, because the algorithm does not weight the characters themselves (e.g. "eeeee" results in the same entropy as "3K($q"), you need to be careful. If you see repeated characters, the password might be caught by a permutation rule of a password cracker, which means a very low effective entropy even when the computation does not say so.

Remember that your main goal must be to produce a password that evades the rules of a cracker program. Repeated characters or numbers and words from common dictionaries are a good cracking team: you can expect that a word with an arbitrary number appended is a very weak password, not by entropy count but because it falls within the rules of a cracker program and is therefore very likely to be found (that is how cracking apps work, as they cannot search the whole 128-bit space by checking every possible combination).

For this reason, you should pick "paranoid", which gives you very strong passwords that are difficult for cracking apps to catch, especially if you use passwords with more than 12 characters.

But how can the attacker learn how the password was created?

He can't, but as time goes by there might be new attacks that let the attacker check a much greater key space in a reasonable time. This could mean that only a password with good entropy (based on a large input alphabet and randomly chosen characters) can withstand such an attack for as long as possible.

This is the only reason why you (the password creator) may want to know how strong your password is; the cracker just does the same thing on each password he wants to crack. With only a hash you can't see whether a password is weak or not; you will only see it in the result: the password is cracked, yes or no.