[mlyle]

> It's just a bare minimum that you reduced

No, it's the -maximum- that I reduced entropy by. If I choose randomly from 4 possible passwords, I've shaved off --no entropy--.

If I choose with a strongly predictable preference (say, everyone knows I'll pick the password that's first alphabetically) I've shaved nearly 2 bits off the probable search space: you probably only need to look in the first 1/4th of the search space.

Choosing with some subtle, individual preferences is something inbetween.

[mlaci]

> with a strongly predictable preference

No, your example has nothing to do with preference, your method (picking out of 4) just less random than picking from one (the first).

Preference is, when certain passwords more likely to be picked than others or at those passwords less likely to be stepped over to generating a new one. Wtih strong preference you regenerate until you got that preferred password, for example you prefer short words and the attacker know that, at first trying combinations with short words has better chance to cracking the password.

[mlyle]

You're just talking past me, bro. Regenerating and picking your favorite from a few is reasonable and isn't a big entropy penalty (the penalty is easily bounded).

Infinitely re-rolling until you get the exact phrase "correct horse battery staple" obviously has a severe entropy penalty, and this is not a reasonable course of action.

[mlaci]

> You're just talking past me, bro.

Sorry for over explaning, but I feel it necessary.

Sticking with your example and making more formal. Name it pick function and let its three modes, random, deterministic and preference. In the random mode, the probability of picking one from the inputs are equal to picking to any other. In the deterministic mode, with the same inputs the function always picking the same and the probability of others are zero, but if the inputs change or any input, it could change the picked one. In the preference mode the function not just picking one, but making a sorted list of the inputs. In the preference mode, changing one input not changing the others sorting. In this mode using pick function on several inputs you got some information about the inputs overall probability distribution aka entropy (more precisely entropy is the measure of that).

The important from this, determinism not imply preference, but not random also. Cryptographic hash functions doing the extreme version of this determinism, the output is well "distributed", but not random. (PS: Sometime that characteristic called pseudorandomness, that is how PRNGs works with random seed)

Deterministic pick applied to random pick just less random than random pick alone on the same set, because random pick has the maximum of the entropy and adding some deterministic part just reducing that. But most people not picking with a well distributed deterministic function in their mind, more likely they pick with preference, which is I think much worse. So, that why I call it the bare minimum.