arkanoid
Rating
+0.20
Power
0.53
avatar
I will eventually put everything there too. I did not finish translating my old stuff yet (to be honest, «just started» would be more precise)
avatar
Also, in real world scenarios we are forced to make estimations and ad hoc measurements to evaluate the quality of the oracle function, otherwise we should imply that every oracle is perfect and quality of any human generated password is exactly ZERO, since it has next to nothing of «entropy».
avatar
Sure there is. We have a generator function and an oracle function, and we have a relation between two which is quite complicated.

Humans are remarkably bad as generator functions (it is easy to build a good oracle for them). IIRC there were experiments when people are told to simulate coin flipping game and make up a result — it is quite predictable and nowhere close to random. So most of the time it is useful to deploy an external source of entropy and generate passwords that are just as random as they seem.

And here is some funny consequence: if a human is allowed to choose one of several randomly generated passwords he likes most, we must assume that there is an oracle function that could predict that choice with amazing precision. And it's measurable in terms of entropy degradation, so entropy is not that useless at all ;-)