For example, if the entropy of a password is 30 bits, what is the entropy of the password when you hash it with MD5?
Asked
Active
Viewed 2,689 times
1 Answers
6
Still 30 bits.
A hash function does not add entropy. It could change the entropy rate though. For example if you had 30 bits of entropy in a 64 bit password and hashed it to a 128 bit digest, the rate has gone down ($\frac{30}{64}\approx 0.47$, but $\frac{30}{128}\approx 0.23$). On the other hand, if the password is 500 bits, the entropy rate goes up.
One way to see this would be to look at all the possible values that the password could be. That would be $2^{30}$ since any other character (or bits) are assumed to be known to the attacker (otherwise they would add entropy, right?). Those $2^{30}$ values would be fed into the hash function and result in $2^{30}$ different digests. So there are the same number of passwords as digests. No added entropy.
mikeazo
- 39,117
- 9
- 118
- 183