    def minimum_entropy_match_sequence(password, matches)
      bruteforce_cardinality = bruteforce_cardinality(password) # e.g. 26 for lowercase
      up_to_k = []      # minimum entropy up to k.
      backpointers = [] # for the optimal sequence of matches up to k, holds the final match (match.j == k). null means the sequence ends w/ a brute-force character.
      (0...password.length).each do |k|
        # starting scenario to try and beat: adding a brute-force character to the minimum entropy sequence at k-1.
        previous_k_entropy = k > 0 ? up_to_k[k-1] : 0
        up_to_k[k] = previous_k_entropy + lg(bruteforce_cardinality)
        backpointers[k] = nil
        matches.select do |match|
          match.j == k
        end.each do |match|
          i, j = match.i, match.j
          # see if best entropy up to i-1 + entropy of this match is less than the current minimum at j.
          previous_i_entropy = i > 0 ? up_to_k[i-1] : 0
          candidate_entropy = previous_i_entropy + calc_entropy(match)
          if up_to_k[j] && candidate_entropy < up_to_k[j]
            up_to_k[j] = candidate_entropy
            backpointers[j] = match
          end
        end
      end

      # walk backwards and decode the best sequence
      match_sequence = []
      k = password.length - 1
      while k >= 0
        match = backpointers[k]
        if match
          match_sequence.unshift match
          k = match.i - 1
        else
          k -= 1
        end
      end

      match_sequence = pad_with_bruteforce_matches(match_sequence, password, bruteforce_cardinality)
      score_for(password, match_sequence, up_to_k)
    end