I have followed with interest this discussion of passphrase "entropy". What I'm not clear on is the effect of a hashing algorithm on the final entropy. If I come up with a "random" set of printable characters which contain 128 bits of entropy, and feed them to MD5, let's say, will I still have 128 bits of entropy on the output? Or do I need some sort of safety margin above 128 bits to "be sure"? What's lurking in the back of my mind is this -- if you enter something with LESS than 128 bits, the hashing algorithm has to "pad" or otherwise fill in the missing bits from <somewhere>. Now if I have entered a phrase with EXACTLY 128 bits of entropy, hypothetically, is that enough to have flushed the padding or whatever out of the pipeline? Can we really treat MD5 as a "magic black box", or does the optimal input require a knowledge of how the box works? .