From my understanding, I think there is an entropy bug in the new acronym generator.
I was doing some console.log checks to help me understand how you were doing the entropy math and I noticed that the entropies variable seemed to have different types:
The first item in the entropies list already has Math.log2 applied to it, but the rest of the items don't.
Then in the getSecurity function you run Math.log2 on all the items in entropies and then sum them together to get the final bit count. I think this causes the first item to have Math.log2 applied to it twice, screwing up a correct bit count.
From my understanding, I think there is an entropy bug in the new acronym generator.
I was doing some
console.log
checks to help me understand how you were doing the entropy math and I noticed that theentropies
variable seemed to have different types:The first item in the
entropies
list already hasMath.log2
applied to it, but the rest of the items don't.Then in the
getSecurity
function you runMath.log2
on all the items inentropies
and then sum them together to get the final bit count. I think this causes the first item to haveMath.log2
applied to it twice, screwing up a correct bit count.This makes you underestimate the true entropy.