Zero Signup ToolsFree browser tools

Security Tools

Password Entropy Calculator

Calculate password entropy in bits and average time to crack at four attacker rates. Pure math, no signup, runs in your browser.

Password entropy calculator

Choose input mode

Your password stays in this tab. Nothing is sent over the network and the value is not stored.

Try:

Entropy

72.1bits

Strong

Comfortably above the NIST 64-bit floor for everyday accounts.

0326496128+
Length
11
Alphabet size
94
Possible passwords
5.062 x 10^21

Detected alphabet

Each class active in the input contributes its pool size to the total alphabet. The entropy formula is H = length x log2(pool).

  • Lowercase letters (a-z)+26
  • Uppercase letters (A-Z)+26
  • Digits (0-9)+10
  • Common ASCII symbols+32
  • Extended characters (above ASCII)128 excluded

Unique characters used: 10. A long password drawn from a small visible alphabet is weaker than the formula suggests because the per-character variety is lower than the pool allows.

Average time to crack

Assumes the attacker must search half the space on average, so expected attempts are 2^(H-1). Pick the row that matches your threat model.

  • Online, throttled802.2 billion years

    Throttled login endpoint, about 100 guesses per second.

  • Online, unthrottled80.2 million years

    API without rate limiting, about 1 million guesses per second.

  • Offline, slow hash802.2 years

    Stolen database with bcrypt-style hashing. Roughly 10^11 attempts per second.

  • Offline, fast hash80.2 years

    Stolen database with MD5 or SHA-1 hashing on a single GPU rig. About 10^12 per second.

Formula

H = L x log2(N) = 11 x log2(94) = 72.1 bits

The formula gives the maximum entropy a password of this length and pool can carry if every character is independently and uniformly random. Real human-chosen passwords are weaker because letter sequences are not uniformly random and common phrases get picked far more often than chance. Treat the result as the upper bound and pair it with the password strength checker for a more realistic estimate of memorised passwords.

How to use

  1. Pick From a password to score an existing string or From length and character set to size a future password or generator.
  2. In password mode, type or paste a password. The tool detects which character classes you used and updates the entropy in bits in real time.
  3. In settings mode, choose a length with the slider or input and tick the character classes you want included in the pool.
  4. Read the entropy bar, the strength label, and the alphabet breakdown to see which classes contribute to the total pool size.
  5. Scan the time-to-crack table to pick a row that matches your threat model, then click Copy summary to save the results as plain text.

About this tool

Password Entropy Calculator turns a password into the classic information-theory measure of strength: bits of entropy. The calculation uses H = L x log2(N), where L is the length of the password and N is the size of the alphabet (the pool of distinct characters the password could have been drawn from). The result tells you how many guesses an attacker must make in the worst case to brute force the password, and how long that takes at four standard attacker rates from a throttled login endpoint at about 100 guesses per second through to an offline crack at a trillion guesses per second on a modern GPU rig. Two input modes are available. From a password parses your input, detects which character classes are present (lowercase letters, uppercase letters, digits, common ASCII symbols, and extended characters above ASCII), and computes the alphabet size and entropy from there. From length and character set lets you pick the classes and length manually, which is useful when sizing a generator or writing a password policy. The summary highlights the strength band (very weak through very strong, aligned with NIST 800-63B guidance), the number of possible passwords as N^L using BigInt to stay exact for ordinary lengths, and a copy-ready text block. The result is the upper bound on entropy for that length and pool, so very long passwords made from a small visible alphabet still carry less practical entropy than the formula suggests; the tool surfaces the count of unique characters so you can tell. Everything runs in your browser. Your password is never uploaded, stored, or logged.

Free to use. Works in your browser. No signup, no login.

Related tools

You may also like

All tools
Security

Password Generator

Strong random passwords with length and character controls.

Open tool

Security

Password Strength Checker

Live strength meter with entropy, crack times, and common-password detection.

Open tool

Security

Passphrase Generator

Random-word passphrases with live entropy and crack-time estimates.

Open tool

All toolsSecurity Tools