Password Entropy Calculator

Password Entropy Calculator entropy bits password randomness password security
Password Entropy Calculator
Assumed character sets
Assumed pool size
Possible combinations
Theoretical entropy

How to use Password Entropy Calculator

Enter the password length and select every character set from which each character could be chosen uniformly. Use a custom pool only when the generator’s exact alphabet size is known.

Advertisement

What password entropy measures

Entropy expresses the uncertainty in a randomly generated value. One bit represents two equally likely possibilities. This calculator estimates theoretical entropy when every password character is selected independently and uniformly from the same known pool.

Entropy formula

The formula is length × log₂(pool size). Increasing length adds the same number of bits for each new character. Expanding the pool also helps, but usually less dramatically than adding several independently generated characters. The combinations result is pool size raised to the password length.

Worked example

Lowercase letters, uppercase letters, digits, and 32 common symbols create an assumed pool of 94 characters. For a 16-character uniformly random password, entropy is 16 × log₂(94), or about 104.87 bits. The number of possible strings is about 1031.57.

Theoretical versus real entropy

The estimate applies to the generation process, not merely the appearance of a finished password. A human who chooses one capital letter, a familiar word, a year, and an exclamation mark is not making 16 independent selections from 94 equally likely characters. Dictionary patterns, keyboard sequences, predictable substitutions, reused passwords, and personal information can reduce actual uncertainty drastically.

Character-pool assumptions

Select only sets from which every position could genuinely be drawn. If a generator guarantees exactly one digit and one symbol, its process is more structured than this simple model. Use Custom pool size only when you know the exact alphabet and each position uses it uniformly. Passphrases selected from a wordlist need a word-based entropy calculation instead.

Security limitations

Entropy is not a crack-time estimate. Attack speed depends on password hashing, work factors, hardware, online rate limits, account lockout, leaks, and attacker knowledge. A high-entropy password can still fail if reused, exposed by phishing, stored insecurely, or entered on a compromised device. Use a reputable password manager, unique credentials, and multifactor authentication where available.

Privacy and accuracy

This page asks for assumptions, not the password itself. Calculations remain in the browser. Results use floating-point logarithms and are rounded to two decimal places, which is sufficient for an estimate but not a security certification.

Password Entropy FAQ

Should I paste my password here?

No. Enter only its length and generation alphabet; the actual secret is unnecessary.

Does 100 bits guarantee safety?

No. It describes a strong random search space under stated assumptions, not the security of the complete account system.

Is a longer password always better?

When characters are generated independently from a known pool, length increases entropy. Human patterns can weaken that assumption.

Related tools

Categories

Tags