Password Security Series

Designing Password Generators with Exact Entropy

In the previous post, we counted the size of a structured password generator exactly. That idea leads to a broader design principle: the best generators are not just random — they are built so their entropy can be computed cleanly in closed form.

Part 2 of 5: This post takes the counting mindset from Part 1 and turns it into a design principle: build password generators whose security properties can be measured exactly before implementation.

Main idea

Good generators are easier to trust when the number of outputs is easy to compute.

Reference model

Diceware works because each word is chosen from a fixed list with a known size.

Design rule

If you can count the output space cleanly, you can compute entropy cleanly.

Closed-form entropy is a design advantage Many generators are strong in practice but hard to analyze exactly. A better design is one where the structure itself makes counting straightforward.

The motivating question

Why exact entropy matters

Many password generators produce strong-looking passwords, but it is often surprisingly hard to say exactly how much entropy they provide.

That is a problem. If we want to reason clearly about security, we should prefer generators whose output space can be counted in closed form.

This is one of the reasons the Diceware method became influential. Each word is chosen from a fixed dictionary, so the total number of possible passphrases is easy to compute.

A clean example

A readable word-based password format

Suppose we design passwords like this:

word-word-word

Each word is selected independently from a known dictionary.

Let:

\[ W = \text{number of words in the dictionary} \]

If we choose three words independently, the total number of possible passwords is:

\[ W^3 \]

That is exactly the kind of structure we want: the counting rule is obvious, and the entropy formula follows directly.

Worked example

Using a 2048-word dictionary

Suppose the dictionary contains:

\[ W = 2048 \]

Then the total number of passwords is:

\[ 2048^3 \]

Entropy is:

\[ H = \log_2(W^3) \]

Using logarithm rules:

\[ H = 3\log_2(W) \]

Since:

\[ 2048 = 2^{11} \]

we get:

\[ H = 3 \times 11 = 33 \]

So a three-word passphrase from a 2048-word list has 33 bits of entropy.

Improving the design

How to increase entropy without losing structure

There are two obvious ways to increase entropy:

• Increase the dictionary size
• Increase the number of words

For example, if we use five words from a 4096-word dictionary:

\[ 4096^5 \]

Since:

\[ 4096 = 2^{12} \]

entropy becomes:

\[ 5 \times 12 = 60 \]

That gives us a much larger search space while preserving the same clean counting structure.

Why this is better

Advantages of closed-form generators

• Entropy is easy to calculate
• Password space is mathematically provable
• The generator can be reasoned about before implementation
• Readable formats remain possible

The larger lesson A password format is not just a user-interface choice. It is a mathematical structure. Good structure makes good analysis possible.

Minimal implementation

A simple Python version

import secrets

def generate_passphrase(words, count=3):
    return "-".join(secrets.choice(words) for _ in range(count))

The important part is not the code itself. The important part is that the code matches a model whose output space we can count exactly.

Conclusion

Exact entropy is not just a mathematical luxury. It is a design advantage.

When a generator’s format is clean enough to count directly, its security becomes measurable instead of vague.

The next step is to make that measurement practical: once we know the password space, how do we compute the entropy directly in Python?

Previous: Counting a Structured Password Generator with Combinatorics

Next in the series: Measuring Password Entropy with Python

Raell Dottin