Master Password Backup

lyricism:

ignoramous:

It is fine the way password managers vend them out, with sufficient entropy.

I think the issue is just that you can’t really measure entropy of a non-random password. Cryptographic entropy is a property of the mechanism by which the password was generated, not the password itself. That’s why a passphrase of x characters has less entropy than a password with x characters. If someone creates a password that’s just their name any entropy estimate will be inaccurate. You need a secure random method of generation for any entropy estimates to be accurate.

Entropy can be calculated.