atoponce / webpassgen

Simple web-based password generator
https://atoponce.github.io/webpassgen/
GNU Affero General Public License v3.0

fix entropy bug in acronym generator #18

Closed miketweaver closed 1 year ago

miketweaver commented 1 year ago

From my understanding, I think there is an entropy bug in the new acronym generator.

I was doing some console.log checks to help me understand how you were doing the entropy math, and I noticed that the entropies variable seemed to have different types: [image]

The first item in the entropies list already has Math.log2 applied to it, but the rest of the items don't.

Then in the getSecurity function you run Math.log2 on all the items in entropies and then sum them together to get the final bit count. I think this causes the first item to have Math.log2 applied to it twice, screwing up a correct bit count.

This makes you underestimate the true entropy.
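
The double logarithm described in this report, reproduced as an added example that is not code from webpassgen or from either commenter. The function names, the unit-tagging scheme and the sample counts are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not webpassgen's code.

// Summing step as the report describes it: log2 of every element, then add.
// Correct only if every element is a raw count of choices.
function sumLog2(entropies) {
  return entropies.reduce((sum, e) => sum + Math.log2(e), 0);
}

// Build the mixed list from the report: first element already in bits,
// the remaining elements still raw counts.
function mixedList(counts) {
  return [Math.log2(counts[0]), ...counts.slice(1)];
}

// Hardened variant: every value carries its unit, so a value that is
// already in bits is added as-is and never passed through log2 again.
const count = (n) => ({ unit: "count", value: n });
const bits = (b) => ({ unit: "bits", value: b });

function totalBits(items) {
  return items.reduce((sum, item) => {
    if (item.unit === "bits" && Number.isFinite(item.value)) {
      return sum + item.value;
    }
    if (item.unit === "count" && Number.isInteger(item.value) && item.value >= 1) {
      return sum + Math.log2(item.value);
    }
    throw new TypeError("entropy item needs unit 'bits' or 'count'");
  }, 0);
}

// Constructed sample: candidate words available at each acronym position.
const sampleCounts = [256, 16, 16, 16];

function compare(counts) {
  const correct = sumLog2(counts);            // 8 + 4 + 4 + 4 bits
  const buggy = sumLog2(mixedList(counts));   // log2(8) + 4 + 4 + 4 bits
  const tagged = totalBits([bits(Math.log2(counts[0])), ...counts.slice(1).map(count)]);
  return { correct, buggy, tagged };
}

console.log(compare(sampleCounts));
```

When the first position has only one choice, the mixed list feeds log2(0) into the sum, so the buggy total becomes -Infinity instead of merely a low estimate.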

atoponce commented 1 year ago

Ah, thanks for catching that!