Password entropy is the fundamental metric used in information security to quantify the unpredictability of a password. Rooted in Claude Shannon's 1948 information theory, entropy measures the amount of uncertainty or randomness contained in a password, expressed in bits. A password with higher entropy is exponentially harder to crack through brute-force attacks, making entropy the single most important factor in password security assessment.
The concept is elegantly simple: if a password is constructed by randomly selecting characters from a set of size S, and the password has length L, then the total number of possible passwords is S^L. The entropy in bits is H = L × log2(S). Each additional bit of entropy doubles the number of possible passwords an attacker must try, creating an exponential barrier against brute-force attacks.
The Password Entropy Calculator computes the theoretical entropy of a randomly generated password based on its length and the character set used. It also estimates how long a brute-force attack would take at a given attack speed, measured in guesses per second. Modern GPUs can attempt billions of hashes per second against offline password databases—NVIDIA's RTX 4090 achieves approximately 164 billion MD5 hashes per second—making high-entropy passwords absolutely critical.
NIST Special Publication 800-63B recommends that passwords should be at least 8 characters long, though security researchers widely recommend 12-16 characters as a practical minimum. The character set matters enormously: a 12-character password using only lowercase letters has approximately 56 bits of entropy, while the same length using all printable ASCII characters yields about 79 bits—a difference of over 8 million times more combinations.
Understanding entropy helps users make informed choices about password creation strategies. A 20-character passphrase using lowercase letters (94 bits) can be more secure and memorable than a random 12-character password using all printable characters (79 bits). This calculator helps you explore these tradeoffs and find the optimal balance between security and usability for your specific threat model.
It is important to note that this calculator assumes truly random password generation. Human-chosen passwords typically have far lower effective entropy because people tend to use dictionary words, predictable substitutions (e.g., @ for a), and common patterns. For real-world password security, always use a cryptographically secure random password generator to achieve the full theoretical entropy calculated here.
The calculator applies Shannon's entropy formula from information theory:
$$H = L \times \log_2(S)$$
where H is the entropy in bits, L is the password length, and S is the size of the character set. The logarithm base 2 converts the measurement to bits, the fundamental unit of information.
The total search space (number of possible passwords) is:
$$N = S^L$$
For a brute-force attack, the expected number of guesses to find the correct password is N/2 on average, but we use the full N for worst-case analysis.
Crack time is computed as:
$$t = \frac{S^L}{G}$$
where G is the number of guesses per second. The default of 1 billion (10^9) represents a modern GPU cluster attacking unsalted MD5 hashes. For bcrypt- or Argon2-hashed passwords, the effective attack speed drops to thousands or hundreds of guesses per second.
The strength rating maps entropy ranges to a 1–5 scale: 1 (Very Weak, <28 bits), 2 (Weak, 28–35 bits), 3 (Moderate, 36–59 bits), 4 (Strong, 60–127 bits), 5 (Very Strong, 128+ bits). These thresholds align with common industry guidelines and NIST recommendations.
An entropy value below 28 bits means your password can be cracked in under a second by modern hardware—this is critically insecure. Passwords in the 36–59 bit range offer moderate protection suitable for low-value accounts but are inadequate for financial or administrative access.
For sensitive accounts, aim for at least 60 bits of entropy, which corresponds to approximately 10 characters from the full printable ASCII set or 13 alphanumeric characters. For cryptographic keys and high-security applications, 128 bits or more is the standard target, as this exceeds the computational limits of any known or foreseeable technology.
The crack time estimate assumes an offline brute-force attack against unsalted hashes. Online attacks are typically rate-limited to far fewer attempts per second, but offline attacks against leaked databases face no such restriction. Always assume the worst case—that an attacker has obtained the hashed password database and is attacking offline.
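The formulas and the 1–5 rating above, implemented as an added Python example (not the Roboculator calculator's own code). It reproduces the page's figures for an 8-character alphanumeric password (about 47.6 bits, roughly 2.5 days at 10^9 guesses/s), a 16-character printable-ASCII password (about 105 bits) and a 4-word Diceware passphrase (about 51.7 bits), and it also takes a slower guess rate to show the effect of a hash such as bcrypt.

```python
import math

# Character-set sizes used on this page (95 = printable ASCII including space;
# 7776 = the Diceware word list, treating each word as one symbol).
CHARSETS = {"lowercase": 26, "alphanumeric": 62, "printable_ascii": 95, "diceware": 7776}

def entropy_bits(length, charset_size):
    """H = L * log2(S), assuming every symbol is drawn uniformly at random."""
    return length * math.log2(charset_size)

def search_space(length, charset_size):
    """N = S^L, the number of possible passwords."""
    return charset_size ** length

def crack_seconds(length, charset_size, guesses_per_second=10**9, worst_case=True):
    """t = N / G for the worst case (full search); N / (2G) for the expected case."""
    n = search_space(length, charset_size)
    divisor = guesses_per_second if worst_case else 2 * guesses_per_second
    return n / divisor

def strength_rating(bits):
    """The page's 1-5 scale: <28, 28-35, 36-59, 60-127, 128+ bits."""
    if bits < 28:
        return 1
    if bits < 36:
        return 2
    if bits < 60:
        return 3
    if bits < 128:
        return 4
    return 5

def human_time(seconds):
    """Largest unit that gives a value >= 1 (a year is taken as 365.25 days)."""
    for name, size in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.2f} {name}"
    return f"{seconds:,.2f} seconds"

def report(length, charset, guesses_per_second=10**9):
    """Everything the calculator shows for one password specification."""
    size = CHARSETS[charset]
    bits = entropy_bits(length, size)
    secs = crack_seconds(length, size, guesses_per_second)
    return {"bits": round(bits, 2), "search_space": search_space(length, size),
            "crack_time": human_time(secs), "rating": strength_rating(bits)}

if __name__ == "__main__":
    for spec in ((8, "alphanumeric"), (12, "printable_ascii"), (16, "printable_ascii"), (4, "diceware")):
        print(spec, report(*spec))
    # The same 8-character password when the hash is bcrypt at roughly 10,000 guesses/s:
    print("bcrypt", report(8, "alphanumeric", guesses_per_second=10**4))
```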
An 8-character alphanumeric password has about 47.6 bits of entropy. At 1 billion guesses per second, it can be cracked in approximately 2.5 days. This is considered moderate strength and insufficient for high-value targets.
A 16-character password using all printable ASCII characters has about 105 bits of entropy. Even at 1 billion guesses per second, cracking would take over a quadrillion years—far exceeding the age of the universe. This is a strong password.
Password entropy is a measure of the randomness or unpredictability of a password, expressed in bits. It quantifies how difficult a password is to guess through brute-force methods. Higher entropy means more possible combinations and exponentially greater resistance to cracking. The concept comes from Claude Shannon's information theory, where each bit of entropy doubles the search space an attacker must explore.
NIST and most security experts recommend at least 60 bits of entropy for general-purpose passwords and 128 bits for cryptographic keys. For everyday online accounts, 50-60 bits provides reasonable protection when combined with rate limiting and account lockout. For sensitive accounts (banking, email, admin), aim for 80+ bits. For master passwords protecting a password manager, 100+ bits is advisable.
Length has a greater impact because entropy scales linearly with length but only logarithmically with character set size. For example, adding 4 characters to a lowercase password adds about 19 bits, while switching from lowercase (26) to full ASCII (95) for the same length adds only about 2.5 bits per character. This is why long passphrases can be more secure than short complex passwords.
For offline attacks against unsalted MD5 hashes, modern GPUs can achieve 10-100+ billion guesses per second. For salted SHA-256, speeds drop to about 1-10 billion. For bcrypt (cost factor 12), speeds drop to thousands per second. For Argon2id, speeds are even lower. The default of 1 billion represents a conservative estimate for common hash types on moderate hardware.
The entropy formula H = L × log2(S) assumes each character is chosen uniformly at random from the character set. Human-chosen passwords violate this assumption—people use dictionary words, common substitutions, and predictable patterns. A human-chosen 12-character password might have only 20-30 bits of effective entropy despite theoretically having 79 bits. Always use a cryptographic random generator for maximum entropy.
Online attacks target login forms and are typically limited by rate limiting, CAPTCHAs, and account lockout (perhaps 10-1000 attempts per second). Offline attacks occur when an attacker obtains the hashed password database and can test billions of guesses per second locally. Entropy calculations primarily address offline attack scenarios, which represent the worst case.
Salting prevents precomputed attacks (rainbow tables) but does not slow down brute-force. The hash algorithm determines brute-force speed: fast hashes like MD5 or SHA-1 allow billions of guesses per second, while memory-hard algorithms like Argon2id or CPU-intensive ones like bcrypt can reduce attack speed to hundreds or thousands per second, making even moderate-entropy passwords much harder to crack.
For all practical purposes, yes. A 128-bit search space contains 3.4 × 10^38 possibilities. Even if every atom in the observable universe were a computer performing a trillion guesses per second, exhausting this space would take longer than the age of the universe. This is why 128-bit is the standard for symmetric cryptographic keys (e.g., AES-128).
A passphrase like 'correct-horse-battery-staple' uses words from a dictionary of ~7,776 words (Diceware). Four random words give about 51 bits of entropy (4 × log2(7776) = 51.7). Six words give 77 bits. Passphrases are generally easier to remember and type than random character strings of equivalent entropy, making them an excellent choice for master passwords and memorized credentials.
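An added Python example (not the calculator's own code) for the point made repeatedly on this page: the formula H = L × log2(S) only holds when every character or word is chosen uniformly at random. It generates passwords and Diceware-style passphrases with Python's `secrets` module, which is uniform, and quantifies what a non-uniform generator loses by modelling a common mistake, reducing one random byte with `% 95`: some characters become more likely, so both the Shannon entropy and the min-entropy per character fall below log2(95). The eight-word list is a constructed stand-in for the 7,776-word Diceware list.

```python
import math
import secrets
from collections import Counter

PRINTABLE = "".join(chr(c) for c in range(32, 127))  # the 95 printable ASCII characters
# Constructed stand-in for the Diceware list (the real list has 7,776 words).
WORDS = ["correct", "horse", "battery", "staple", "river", "cloud", "stone", "apple"]

def random_password(length, charset=PRINTABLE):
    """secrets.choice is uniform over the charset, so each character contributes log2(S) bits."""
    return "".join(secrets.choice(charset) for _ in range(length))

def random_passphrase(word_count, wordlist=WORDS, sep="-"):
    """Diceware-style: each uniformly chosen word contributes log2(len(wordlist)) bits."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))

def theoretical_bits(symbols, alphabet_size):
    """H = L * log2(S) from the calculator; valid only for uniform selection."""
    return symbols * math.log2(alphabet_size)

def modulo_bias_distribution(alphabet_size):
    """Per-symbol probabilities when one random byte is reduced with `% alphabet_size`
    (a common mistake): unless 256 is a multiple of the alphabet size, the first
    256 % alphabet_size symbols get one extra preimage and are more likely."""
    hits = Counter(b % alphabet_size for b in range(256))
    return [hits[i] / 256 for i in range(alphabet_size)]

def shannon_bits(probs):
    """Average information per symbol for the given distribution."""
    return -sum(p * math.log2(p) for p in probs if p)

def min_entropy_bits(probs):
    """Guessing entropy: what an attacker who tries the likeliest symbol first faces."""
    return -math.log2(max(probs))

if __name__ == "__main__":
    print(random_password(16), f"{theoretical_bits(16, 95):.1f} bits")
    print(random_passphrase(6), f"{theoretical_bits(6, len(WORDS)):.1f} bits with this sample list,"
          f" {theoretical_bits(6, 7776):.1f} bits with the full Diceware list")
    biased = modulo_bias_distribution(95)
    print(f"uniform: {math.log2(95):.3f} bits/char; byte % 95: "
          f"Shannon {shannon_bits(biased):.3f}, min-entropy {min_entropy_bits(biased):.3f}")
```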
NIST SP 800-63B (2017, updated 2024) recommends: minimum 8 characters, support up to 64+ characters, no composition rules (forced uppercase/special chars), no periodic expiration, check against breached password lists, use rate limiting and MFA. NIST found that complex composition rules often lead to weaker passwords because users adopt predictable patterns to satisfy requirements.
Roboculator Team
The Roboculator Team explains calculations, planning tools, and practical formulas in clear language for real-life situations.