What is password entropy?

Entropy measures the unpredictability of a password in bits. Formula: H = L × log2(N), where L is the password length and N is the size of the character set used. A higher bit count means more possible combinations and a harder brute-force.

How is the character set size determined?

The tool scans the password for lowercase letters (26), uppercase letters (26), digits (10), and common symbols (32). Each present group adds its count to the pool size N. Using all four groups gives N = 94.

What crack speed should I worry about?

Offline attacks with modern GPUs can reach 10–100 billion guesses per second for fast hash algorithms. For bcrypt or Argon2, the rate drops to thousands per second, making even shorter passwords much safer.

What entropy is considered strong?

Below 40 bits is weak. 40–59 bits is fair. 60–79 bits is good. 80–99 bits is strong. 100+ bits is very strong. For high-value accounts, aim for at least 80 bits.

Does this send my password anywhere?

No. All computation runs in your browser using JavaScript. The password never leaves your device.

Why does adding symbols help more than adding length?

Adding one character type can increase N significantly (e.g. from 62 to 94), multiplying entropy per character. However, for very long passwords, length eventually wins because L multiplies log2(N) linearly.

Password Entropy Calculator

Name: Password Entropy Calculator
Availability: InStock
Author: Nham Vu

Enter a password to see its entropy in bits, character set size, estimated crack time, and strength rating.

Password Input

Password

0 characters

Character sets detected

Lowercase a–z 26

Uppercase A–Z 26

Digits 0–9 10

Symbols !@#… 32

Entropy Result

— bits

0406080100+

Enter a password

Length

Charset size

Combinations

—

Brute-Force Crack Time

Worst-case time to exhaust all combinations at stated attack speed.

10 billion/s (GPU offline, fast hash) —

100 billion/s (multi-GPU rig) —

1 trillion/s (nation-state cluster) —

100k/s (bcrypt/Argon2 hardened) —

Copied!

Summary

Enter a password to see its entropy in bits, character set size, estimated crack time, and strength rating.

How it works

Type or paste a password into the input field.
The tool detects which character sets are used (lowercase, uppercase, digits, symbols).
Entropy in bits is calculated as log2(charset_size ^ length).
Review the crack-time estimates at 10B, 100B, and 1T guesses per second.
Check the strength rating and the breakdown of which character sets contribute.
Use the "Clear" button to reset and test another password.

Use cases

Verify whether a new password meets security policy requirements.
Compare entropy of passphrases vs. random character passwords.
Teach students or colleagues about the math behind password strength.
Estimate how long a known-charset brute force would take.
Audit legacy passwords during a security review.

Frequently Asked Questions

Last updated: 2026-06-11 · Reviewed by Nham Vu