Password strength analysis
Password Entropy Calculator
Calculate password entropy and estimate brute-force crack times for different attack scenarios.
Privacy notice:
- All calculations happen entirely in your browser
- Your password is never sent to any server
- No data is stored or logged
Password Strength
Enter passwordEntropy
—
Length
—
Charset Size
—
Character Sets Detected
Brute-Force Time Estimates
Average case (50% probability)Online (Throttled)
—
~10 guesses/sec
Online (Unthrottled)
—
~1,000 guesses/sec
Offline (Slow Hash)
—
~10,000 guesses/sec (bcrypt)
Offline (Fast Hash)
—
~10B guesses/sec (MD5/SHA)
Recommendations
Enter a password to see personalized recommendations.
How it works
Password entropy measures the unpredictability of a password. Higher entropy means more possible combinations and longer crack times.
- Entropy = length × log₂(charset size)
- Patterns detected reduce effective entropy
- Crack time = 2^(entropy-1) / guesses per second
Quick examples
Use passphrases for memorable, high-entropy passwords.
Mini FAQ
What is entropy?
Entropy measures randomness in bits. More bits = more possible combinations = harder to crack.
What's a good entropy?
60+ bits is decent, 80+ bits is strong, 100+ bits is excellent for most purposes.
Why different crack times?
Attack speed varies: rate-limited logins are slow; offline attacks with fast hashes are extremely fast.
What patterns are detected?
Common passwords, keyboard patterns (qwerty), sequences (abc, 123), repeated chars, and dates.