Password Entropy Calculator
Calculate the information-theoretic bit entropy of any password or API key. Detects character set pools automatically, shows the total number of possible combinations, and estimates crack time across five attack scenarios from rate-limited web logins to GPU cracking clusters.
How to Use Password Entropy Calculator
How to Use the Password Entropy Calculator
Step 1: Enter Your Password or Key
Type or paste a password or API key into the input field. Entropy is calculated in real time as you type. Use the eye icon to toggle visibility.
How Entropy Is Calculated
Entropy measures how unpredictable a password is — how many bits of information it contains:
Entropy (bits) = log2(charset size) x length
The charset size is determined by which character pools appear in the password:
| Pool | Characters | Pool size |
|---|---|---|
| Lowercase letters | a–z | 26 |
| Uppercase letters | A–Z | 26 |
| Digits | 0–9 | 10 |
| Symbols | !@#$%^&*… | 32 |
| Unicode | Non-ASCII | 128 |
A 10-character password using all four ASCII pools (94 characters) has approximately 65.5 bits of entropy — 2^65.5 possible combinations.
Step 2: Read the Results
Entropy Bar
Shows relative strength on a scale to 128 bits. The bar color reflects the strength rating:
| Rating | Bits | Meaning |
|---|---|---|
| Very Weak | 0–27 | Instantly cracked by any tool |
| Weak | 28–35 | Vulnerable to fast offline attacks |
| Fair | 36–59 | Adequate for low-risk accounts only |
| Strong | 60–95 | Sufficient for most use cases |
| Very Strong | 96–127 | High-security credentials |
| Maximum | 128+ | Quantum-resistant class |
Key Metrics
- Entropy — total bits of unpredictability
- Length — number of characters
- Charset pool — total unique characters available given the detected pools
- Combinations — total possible passwords of this length and charset (scientific notation)
Crack Time Table
Estimates the average time to crack by brute force at five attack speeds:
| Attack | Speed | Typical use case |
|---|---|---|
| Online (throttled) | 1K/s | Standard web login |
| Online (no limit) | 1M/s | Unprotected endpoint |
| Offline (bcrypt) | 10K/s | Stolen hash file, slow algorithm |
| Offline (fast hash) | 10B/s | MD5 or SHA-1, single GPU |
| GPU cracking rig | 1T/s | Dedicated multi-GPU cluster |
Crack time = combinations / 2 / hash rate (average case)
Practical Guidance
- Aim for 60+ bits for passwords protecting real accounts
- 128 bits is the target for generated API keys and secrets
- Adding symbols or uppercase adds far less than increasing length does
- A 20-character lowercase passphrase (94 bits) is stronger than a 10-character mixed-case symbol password (65 bits)
Frequently Asked Questions
Most Viewed Tools
TOTP Code Generator
Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.
Use Tool →Content Security Policy Generator
Build Content Security Policy headers interactively. Toggle directives like script-src, style-src, and img-src, select allowed source tokens, and add custom origins. Instantly outputs your CSP as an HTTP header, meta tag, Nginx directive, or Apache header.
Use Tool →Screen Size Converter
Calculate screen width and height from diagonal size and aspect ratio. Convert between inches and centimeters for displays, TVs, and monitors with instant dimension calculations.
Use Tool →SSH Key Generator
Generate Ed25519 and RSA 4096-bit SSH key pairs entirely in your browser. Keys are never sent to any server — 100% client-side using the Web Crypto API.
Use Tool →PGP Key Generator
Generate PGP public and private key pairs for email encryption and code signing. Supports ECC (Curve25519) and RSA up to 4096-bit. Entirely browser-side — keys never leave your device.
Use Tool →DPI Calculator
Calculate DPI (dots per inch), image dimensions, and print sizes. Convert between pixels and physical dimensions for printing and displays.
Use Tool →Paper Size Converter
Convert between international paper sizes (A4, Letter, Legal) with dimensions in mm, cm, and inches. Compare ISO A/B series and North American paper standards.
Use Tool →Reorder PDF Pages
Drag and drop to rearrange PDF pages in any order. Upload your PDF, preview all pages as thumbnails, drag pages to reorder them, and download the rearranged PDF. Fast, visual, and privacy-focused.
Use Tool →Related Privacy & Security Tools
PGP Key Generator
Generate PGP public and private key pairs for email encryption and code signing. Supports ECC (Curve25519) and RSA up to 4096-bit. Entirely browser-side — keys never leave your device.
Use Tool →TOTP Code Generator
Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.
Use Tool →Content Security Policy Generator
Build Content Security Policy headers interactively. Toggle directives like script-src, style-src, and img-src, select allowed source tokens, and add custom origins. Instantly outputs your CSP as an HTTP header, meta tag, Nginx directive, or Apache header.
Use Tool →SSH Key Generator
Generate Ed25519 and RSA 4096-bit SSH key pairs entirely in your browser. Keys are never sent to any server — 100% client-side using the Web Crypto API.
Use Tool →API Key Generator
Generate secure, cryptographically random API keys for authentication and authorization. Create custom API keys with various formats including hex, base64, and prefixed keys.
Use Tool →RSA Key Generator
Generate secure RSA public/private key pairs for encryption, digital signatures, and authentication. Create 1024 to 4096-bit RSA keys instantly in your browser.
Use Tool →PIN Generator
Generate secure numeric PINs for devices, accounts, and security systems. Create random PINs with strength analysis and security recommendations.
Use Tool →Webhook Signature Verifier
Compute and verify HMAC webhook signatures in your browser. Supports HMAC-SHA256, SHA-512, and SHA-1 with hex or base64 encoding. Compatible with Stripe, GitHub, Twilio, and any HMAC-signed webhook.
Use Tool →Share Your Feedback
Help us improve this tool by sharing your experience