Password Entropy Calculator
Estimate the cryptographic strength (entropy) of a password based on its length and character set.
Results
What is it?
Password entropy measures how unpredictable (and thus how hard to brute-force) a password is. It is calculated as H = L x log2(N), where L is the password length and N is the size of the character set. Every extra bit of entropy doubles the number of guesses needed.
How to use
Select which character types your password uses and enter its length. The calculator computes the full character pool size, the resulting entropy in bits, and an estimated time to crack by exhaustive brute-force at 1 billion guesses per second (a fast GPU rate).
Example scenario
A 12-character password using all four character types (94-char pool) gives ~78.8 bits of entropy. At 1B guesses/sec that is ~12 million years. A 6-character all-lowercase password gives ~28 bits — cracked in under a second. Length matters far more than character variety.
Pro tip
NIST SP 800-63B (2017 guidelines) recommends at least 8 characters and prioritises length over complexity. A memorable passphrase of 4 random words (e.g. "correct-horse-battery-staple") provides ~50+ bits of entropy and is easier to remember than "P@ssw0rd1!". Targets: 60 bits = good, 80 bits = great, 100+ bits = excellent for high-security use.