What is Shannon entropy?

Shannon entropy, introduced by Claude Shannon in 1948, quantifies the average amount of information (surprise) in a set of symbols. For a password it tells you roughly how many bits a brute-force attacker must guess to crack it.

What is a good entropy value for a password?

Security professionals generally recommend at least 60–80 bits for sensitive accounts. A random 12-character password drawn from all printable ASCII characters has about 78 bits of pool-based entropy.

What is the difference between pool entropy and frequency entropy?

Pool entropy assumes every character in the detected sets is equally likely. Frequency entropy is calculated from the actual character distribution in your specific password — it can be lower if you repeat characters. The pool method is the standard used in password-strength estimates.

Is my password sent to any server?

No. All calculation happens entirely in your browser with JavaScript. Nothing is transmitted or logged.

Why does a long password of all the same character have low frequency entropy?

Frequency entropy drops to near zero when all characters are identical because there is no uncertainty — an attacker who knows one character knows them all. Pool entropy is still nonzero because it counts the theoretical pool, not the actual distribution.

How can I increase my password entropy?

Use a longer password, include all four character classes (lowercase, uppercase, digits, symbols), and avoid repetition or predictable patterns. A passphrase of five or more random words also achieves high entropy.

Shannon Entropy Password Checker

Name: Shannon Entropy Password Checker
Availability: InStock
Author: Nham Vu

Type a password to instantly see its Shannon entropy in bits and a full character-set breakdown.

Password Input

Your Password

Your password never leaves your browser.

Character Sets Detected

Lowercase a–z

26 chars

Uppercase A–Z

26 chars

Digits 0–9

10 chars

Symbols !@#…

32 chars

Pool size: 0 characters

Enter a password on the left to see its entropy analysis.

Summary

Type a password to instantly see its Shannon entropy in bits and a full character-set breakdown.

How it works

Type or paste your password into the input field.
The tool detects which character sets are present: lowercase, uppercase, digits, and symbols.
Pool size is calculated as the sum of characters in all detected sets.
Pool-based entropy = password length × log₂(pool size).
Frequency-based entropy = −∑ p(c) × log₂(p(c)) × length, where p(c) is the proportion of each unique character.
A strength label (Weak / Fair / Good / Strong / Very Strong) is assigned based on total bits.

Use cases

Evaluate how strong a password is before using it on an important account.
Compare multiple candidate passwords and pick the highest-entropy option.
Understand why adding a symbol or digit meaningfully increases entropy.
Teach information-theory concepts with a live, interactive example.
Audit existing passwords stored in a password manager without sending them anywhere.
Demonstrate why short passwords are weak even when they look complex.

Frequently Asked Questions

Last updated: 2026-06-11 · Reviewed by Nham Vu