I've been playing arround with some code to implement CME's secret sharing using low entropy answers. (His write-up is in http://www.clark.net/pub/cme/html/rump96.html) In the write-up, Carl says " That means that it has very low entropy. For example, a person's first name has only about 8 bits of entropy. Car makes and models have only 2 to 4 bits of entropy -- especially if one is naming cars desirable to a teenager." Further on, he says "Therefore, if each answer has entropy E, the attacker must correctly guess T=(EK) bits of answers. If T exceeds 90 bits or so, then the user is reasonably secure from answer-guessing attacks." (where K is the number of questions) My question is, how do we measure the entropy of each answer so we can calculate when we've got 90 or so bits. I know when I was a teenager, the list of car lust objects was short, and everyone wanted a Mustang or Camaro, so the entropy of those two choices was much less than half a bit. A similar idea was mentioned in a critique of the plot of West Side Story. The question is, on a hot night in Spanish Harlem, what percentage of women are named "Maria"? Clearly there are cultural issues involved. The entropy in a question such as "what is your favorite brother's name?" is low in an Irish family like mine where names cluster arround choices such as are Patrick, John, Sean, and Dan. So how do we measure the entropy objectively? Thanks Pat Pat Farrell CyberCash, Inc. (703) 715-7834 pfarrell@cybercash.com #include standard.disclaimer