1996-11-23 - how much entropy in common answers

Header Data

From: Pat Farrell <pfarrell@netcom.com>
To: cypherpunks@toad.com
Message Hash: 5c51e49b190946cc8777e4a093d43bd9d1b8ebea86927d74b3d8b02e4af951f5
Message ID: <199611231714.JAA21617@netcom5.netcom.com>
Reply To: N/A
UTC Datetime: 1996-11-23 17:14:16 UTC
Raw Date: Sat, 23 Nov 1996 09:14:16 -0800 (PST)

Raw message

From: Pat Farrell <pfarrell@netcom.com>
Date: Sat, 23 Nov 1996 09:14:16 -0800 (PST)
To: cypherpunks@toad.com
Subject: how much entropy in common answers
Message-ID: <199611231714.JAA21617@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

I've been playing arround with some code to implement CME's 
secret sharing using low entropy answers. (His write-up
is in http://www.clark.net/pub/cme/html/rump96.html)

In the write-up, Carl says " That means that it has very low entropy. For example, a person's first name has only about 8 bits of entropy. Car makes and models have only 2 to 4 bits of entropy -- especially if one is naming cars desirable to a teenager."

Further on, he says "Therefore, if each answer has entropy E, the attacker must correctly guess T=(EK) bits of answers. If T exceeds 90 bits or so, then the user is reasonably secure from answer-guessing attacks." (where K is the number
of questions)

My question is, how do we measure the entropy of each answer so we can
calculate when we've got 90 or so bits.  I know when I was a teenager,
the list of car lust objects was short, and everyone wanted a Mustang or
Camaro, so the entropy of those two choices was much less than half a bit.

A similar idea was mentioned in a critique of the plot of West Side Story.
The question is, on a hot night in Spanish Harlem, what percentage of
women are named "Maria"?

Clearly there are cultural issues involved. The entropy in a question
such as "what is your favorite brother's name?" is low in an Irish
family like mine where names cluster arround choices such as are Patrick,
John, Sean, and Dan.

So how do we measure the entropy objectively?


Pat Farrell    CyberCash, Inc. 			(703) 715-7834
#include standard.disclaimer