ZeroUtil

Password Entropy Calculator

Estimate password entropy, character pool size and crack-time ranges for online and offline attacks.


How to use the Password Entropy Calculator

  1. Type or paste a candidate password in the input field. The calculator runs on every keystroke; there is no Submit button.
  2. Toggle Show if you want to verify there is no whitespace or look-alike character (zero vs O, lowercase l vs digit 1) sneaking into the value.
  3. Read the four headline numbers: Length (raw character count), Pool Size (size of the alphabet your password draws from), Entropy in bits, and a strength bucket from Very Weak to Very Strong.
  4. Compare crack-time scenarios: 100 guesses per second models a rate-limited online login, 100 billion per second models a GPU farm against an unsalted MD5 or SHA-1 dump, and 100 thousand per second models a properly tuned Argon2 or bcrypt hash.
  5. Heed the warnings panel. A password may show a respectable bit count and still trigger a warning for common words, repeats, sequential runs, or keyboard walks - those patterns collapse practical entropy long before the math says so.

What the calculator does under the hood

The model is the standard Shannon-style estimate: bits = length * log2(poolSize). Pool size is computed from which character classes the password actually uses: 26 for lowercase only, 52 for mixed case, 62 with digits, 95 with the printable ASCII symbol set, and broader still if the input crosses the ASCII boundary into accented Latin or Unicode. The detector inspects each character with regex tests rather than checking string flags, so a single emoji or non-ASCII letter widens the estimated pool by hundreds of characters.

Crack-time scenarios convert bits to seconds by dividing the search space (2^bits) by the candidate guess rate, then formatting the result with a human-readable bucket (seconds, hours, years, centuries). The fast-hash rate of 100 billion per second matches a single modern consumer GPU running hashcat against an unsalted MD5 or SHA-1 hash; the slow-hash rate of 100 thousand per second models a correctly parameterized Argon2id or bcrypt with a work factor that costs the verifier roughly 100 ms per guess. Real-world parallel attacks against leaked databases routinely run several orders of magnitude faster, so treat these numbers as upper bounds on attacker patience, not lower bounds on safety.
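A compact implementation of that model, added here as an example and not ZeroUtil's own code: regex-based class detection, bits = length * log2(poolSize), and the three crack-time scenarios. The non-ASCII class size of 256 is an assumed placeholder, since the page gives no exact figure for how far Unicode widens the pool.

```javascript
// Added example, not ZeroUtil's own code. ASCII class sizes are the standard
// ones; the non-ASCII widening (256) is an assumed placeholder value.
const CHARACTER_CLASSES = [
  { name: "lowercase", test: /[a-z]/, size: 26 },
  { name: "uppercase", test: /[A-Z]/, size: 26 },
  { name: "digits", test: /[0-9]/, size: 10 },
  // The 33 printable ASCII symbols: space..'/', ':'..'@', '['..'`', '{'..'~'.
  { name: "symbols", test: /[ -\/:-@\[-`{-~]/, size: 33 },
  // Anything outside printable ASCII (accented letters, emoji); size assumed.
  { name: "non-ascii", test: /[^ -~]/, size: 256 },
];

// Run each class regex over the value and sum the sizes of the classes seen.
function detectPool(password) {
  const seen = CHARACTER_CLASSES.filter((c) => c.test.test(password));
  return { classes: seen.map((c) => c.name),
           poolSize: seen.reduce((sum, c) => sum + c.size, 0) };
}

// bits = length * log2(poolSize), counting code points so an emoji is one char.
function entropyBits(password) {
  const length = [...password].length;
  const { poolSize } = detectPool(password);
  return length === 0 ? 0 : length * Math.log2(poolSize);
}

// Full search space (2^bits) divided by the guess rate, as the page describes.
function crackSeconds(bits, guessesPerSecond) {
  return Math.pow(2, bits) / guessesPerSecond;
}

// The page's three scenarios: rate-limited login, GPU vs unsalted MD5/SHA-1,
// and a tuned Argon2id/bcrypt verifier costing roughly 100 ms per guess.
const RATES = { online: 100, fastHash: 1e11, slowHash: 1e5 };

// Coarse human-readable bucket; anything under a second is "instant".
const UNITS = [["centuries", 3153600000], ["years", 31536000], ["days", 86400],
               ["hours", 3600], ["minutes", 60], ["seconds", 1]];
function formatDuration(seconds) {
  for (const [name, span] of UNITS) {
    if (seconds >= span) return `~${Math.floor(seconds / span)} ${name}`;
  }
  return "instant";
}

// Headline numbers plus one crack-time string per scenario.
function report(password) {
  const bits = entropyBits(password);
  const times = Object.fromEntries(Object.entries(RATES).map(
    ([name, rate]) => [name, formatDuration(crackSeconds(bits, rate))]));
  return { bits: Math.round(bits * 10) / 10, ...detectPool(password), ...times };
}
```

report("P@ssw0rd1!") and report("correct horse battery staple") reproduce the comparison made later on this page: the passphrase scores far higher on pool math alone, and neither figure reflects wordlist or rule-based attacks.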

When this tool earns its keep

  • Comparing two candidate passphrases before committing to one for a vault master password or full-disk-encryption key.
  • Demonstrating to a non-technical stakeholder why "P@ssw0rd1!" scores worse than "correct horse battery staple" despite hitting every complexity rule.
  • Auditing an old password from a notebook or password manager export to decide whether it still belongs in the rotation.
  • Calibrating a password policy: if a 12-character requirement on lowercase plus digits only buys 62 bits, the policy is weaker than it looks.
  • Sanity-checking the output of a password generator (especially custom ones) by pasting a sample and confirming the bit count matches the math you expect.
  • Deciding whether to enable 2FA on an account where the existing password is borderline; entropy of less than 50 bits is a strong signal to add a second factor.

Common pitfalls and edge cases

  • Pool-size math is generous. Real human passwords cluster in a small subset of the search space (think of the Pareto distribution of leaked passwords from Have I Been Pwned). A password rated 60 bits by pool math may have an effective entropy below 30 bits if it is on a top-100K wordlist.
  • Length always beats class diversity. Adding one character to a 12-character lowercase password adds about 4.7 bits; switching to mixed case adds only 1 bit per existing character. Long all-lowercase passphrases routinely beat short mixed-case ones.
  • The detector cannot see substitutions. "Pa$$word" still looks like ASCII letters plus symbols and earns a high pool count, but it appears in cracker rule sets and falls in seconds.
  • Per-character entropy is a fiction for human passwords. Markov-chain attacks exploit the fact that "th" is followed by "e" far more often than chance, dropping the effective bit count. Random outputs from crypto.getRandomValues do not have this weakness.
  • Crack-time is asymmetric. The numbers assume the attacker has the password hash; for a server-side login with rate limiting, even an 8-character lowercase password can survive online attack indefinitely. The hash-rate column is the realistic threat for any leaked database.
  • Entropy is not breach-safety. A password leaked once is unsafe forever, regardless of bit count. Pair this calculator with a Have I Been Pwned check before reusing any value.

The math behind entropy and why bits matter

Information-theoretic entropy was formalized by Claude Shannon in his 1948 paper "A Mathematical Theory of Communication" and applied to passwords most influentially in NIST Special Publication 800-63 (later revised in 800-63B). The key result is that a password drawn uniformly at random from an alphabet of size N has log2(N) bits of entropy per character, and total entropy adds linearly. NIST 800-63B retired the old complexity-rule rubric in 2017 in favor of length-based recommendations and explicit breach-list checks, because the legacy rules pushed users toward predictable patterns ("Capital letter, digit, special character at the end"). Modern guidance: minimum 12-15 characters, randomly generated by a manager, never reused.

Alternatives and when they beat this tool

Dropbox's open-source zxcvbn library scores passwords against word lists, keyboard patterns, and date heuristics, and gives a far more realistic estimate than pool-size math for human-typed values; if you are building a signup form, embed it. The 1Password and Bitwarden apps both surface entropy estimates inline and integrate with their breach-check APIs. Hashcat plus a wordlist is the inverse: it tells you how fast the password actually falls under a target ruleset, which is the only number that matters once an attacker has the hash. Have I Been Pwned's k-anonymity range API answers the one question entropy cannot: has anyone seen this password before. Use the on-page calculator when you want a quick number, do not want to install anything, and are deciding between candidates rather than auditing a finished credential.

Frequently Asked Questions

Does this upload my password?

No. The calculation runs in your browser from the text you type. The tool does not need a network request to estimate entropy or show crack-time models.

Is entropy the same as real password strength?

Not exactly. Entropy is a useful mathematical estimate, but real attackers use breached-password lists, dictionaries and transformation rules that reduce the strength of human-created passwords.

How many entropy bits should I target?

For most accounts, 60 to 80 bits is a reasonable minimum. For long-term secrets, admin accounts or encryption passphrases, prefer 80+ bits and generate the value with a password manager.
