Password Entropy Calculator

Password Entropy Calculator

Connect via MCP →

Enter Calculation

Formula

Advertisement

Results

Password Entropy
71.45
bits of entropy
Character set size 62 characters
Estimated crack time (10B guesses/sec) 161,313,338,119.9 seconds

What Is Password Entropy?

Password entropy is a measure of how unpredictable a password is, expressed in bits. Each additional bit doubles the number of guesses an attacker must make. A password with 40 bits of entropy requires up to \(2^{40}\) (about a trillion) attempts to brute-force, while 80 bits is astronomically stronger. Entropy is the single most useful objective number for comparing password strength.

Bar comparison of password strength shown as growing stacks of bits for short versus long passwords
Longer passwords and larger character sets produce more entropy bits.

How to Use This Calculator

Enter your password length and tick every character set your password draws from. The tool adds up the pool sizes — lowercase (26), uppercase (26), digits (10) and symbols (32) — to get the character-set size N, then computes the entropy. More length and more character types both increase entropy, but length usually delivers the biggest gain.

The Formula Explained

The standard formula is $$E = L \times \log_{2}(N)$$ where \(L\) is the number of characters and \(N\) is the size of the character pool. Because each position can independently be any of \(N\) symbols, the total number of possible passwords is \(N^{L}\), and \(\log_{2}\) of that gives the bits of entropy. This assumes a truly random password; a dictionary word or predictable pattern has far less effective entropy than the formula suggests.

Diagram showing entropy equals length multiplied by log base 2 of character set size
Entropy combines password length (L) with character set size (N).

Worked Example

Take a 12-character password using lowercase, uppercase and digits. The character pool is \(26 + 26 + 10 = 62\). $$E = 12 \times \log_{2}(62) = 12 \times 5.954 \approx 71.45 \text{ bits}$$ That corresponds to roughly \(2^{71.45} \approx 3.2 \times 10^{21}\) combinations — extremely resistant to brute force.

FAQ

How many bits is "strong"? 60+ bits is decent for most accounts; 80+ bits is recommended for high-value or master passwords.

Does this account for dictionary attacks? No. The formula assumes random characters. Real words, names and substitutions reduce true entropy dramatically — use a random generator or passphrase.

Why use 10 billion guesses/sec? It is a reasonable estimate for a well-funded offline attack on fast-hashed passwords; slower hashing slows attackers further.

Last updated:

Related calculators

  • Password Combination Calculator

    Calculate the total number of possible password combinations and entropy in bits from your character set size and password length.

  • Shannon Entropy Calculator

    Calculate Shannon entropy (in bits) from a probability distribution or raw counts using H = −Σ pi log2(pi). Get entropy, max entropy, and efficiency.

  • Contrast Ratio Calculator

    Calculate WCAG color contrast ratio from RGB values. Check AA and AAA accessibility compliance using relative luminance: (L1+0.05)/(L2+0.05).

  • Image File Size Calculator

    Estimate an image's file size from width, height, color depth and compression. Get the result in bytes, KB and MB instantly.

  • Image Aspect Ratio Calculator

    Find the aspect ratio of any image and calculate proportional resize dimensions. Enter width and height to get the simplified W:H ratio instantly.