Password Strength Tester (Entropy Bits)

Estimate password entropy in bits and the time an offline brute-force attacker would need at common cracking rates. Pure client-side — your password is never sent anywhere.

Inputs

Type or paste the password. Computation is local-only — nothing is uploaded.

NIST SP 800-63B treats 10^10/s as the modern offline baseline. Bcrypt/scrypt/Argon2 hashes drop that by 4-6 orders of magnitude.

Result

Loading calculator…

How to use this calculator

  • Type or paste the password into the input.
  • Choose the attacker rate — 10 G/s is the realistic modern baseline; pick higher for nation-state threat models.
  • Read the entropy bits and the mean / worst-case crack-time. Flags below the result indicate why the number may be over-stated.
  • Aim for ≥ 80 bits for accounts that matter; ≥ 128 for master passwords or encryption keys.

About this calculator

A password’s strength is best expressed as its entropy in bits — log₂ of the number of equally-likely passwords an attacker has to try. For a random 12-character string mixing upper, lower, digit, and symbol, that is about 78 bits — strong enough to resist a single GPU rig for centuries on a non-cached hash. This tester computes the theoretical entropy from password length and the character classes it contains, then converts to mean crack-time at four common attacker speeds: rate-limited online, slow bcrypt offline, modern GPU, and state-actor cluster. It also flags weaknesses that ruin the entropy estimate: dictionary words, short length, and use of only one character class.

How it works — the formula

entropy_bits = length · log₂(pool_size) mean_crack_time = (2^entropy_bits / 2) / attacker_rate

For a uniformly random password from a pool of N characters, the number of equally-likely possibilities is N^length, so log₂ gives the entropy in bits. Mean-case search costs half that. Real-world passwords are far less random; entropy bits are an upper bound on resistance to brute force, not on resistance to dictionary attacks.

Worked examples

Example 1
"password" (lower-only, 8)
Inputs:
pwd=password
Output:
~37.6 bits but dictionary-flagged → minutes
Example 2
12 random mixed-case + digit + sym
Inputs:
pwd=Tr0u4!H#9Vk2
Output:
~78 bits → ~years on a GPU rig
Example 3
20-char Diceware passphrase
Inputs:
pwd=correct horse battery staple
Output:
~92 bits → centuries on a GPU rig (but only ~52 bits if attacker uses a word-list)

Limitations

  • Entropy ≠ real security: dictionary + rule-based crackers find "high-entropy looking" passwords in seconds when they follow common patterns.
  • No breach-list check — use haveibeenpwned.com/Passwords for that.
  • Attacker-rate selection is a coarse model — real cracking speed depends on the specific hash function and hardware.

Educational estimate only — for compliance use a tool that also checks against breach databases and known dictionaries.

Frequently asked

Why is the actual security usually less than the entropy bits?+
Entropy bits assume every character was chosen uniformly at random from the available pool. Humans almost never do that — they pick common words, predictable substitutions ("P@ssw0rd"), and keyboard runs. Real-world crackers use dictionary + rule sets that exploit those patterns, recovering many "high-entropy looking" passwords in seconds.
What is NIST’s recommended length?+
NIST SP 800-63B (2024 revision) recommends a minimum of 8 characters for memorised secrets and 15+ for high-assurance accounts, with no required composition rules. Length is the dominant factor — a 16-character lowercase passphrase beats an 8-character mixed-class password.
Why does the attacker rate matter so much?+
Crack-time is inversely proportional to attacker speed. A 64-bit password resists 1k/s for ~290 million years but falls to 10G/s in ~3 weeks. Always pick a rate appropriate to your threat model — if you assume the service hashes with bcrypt (cost 10+), drop to 1M/s; if MD5/SHA1/NTLM (legacy), use 10G/s.
Why are passphrases recommended over complex short passwords?+
Four random dictionary words from a 7,776-word list (Diceware) is ~52 bits — comparable to an 8-char fully-random ASCII password but vastly easier to memorise. Length is multiplicative in entropy; complexity is additive. The xkcd cartoon "correct horse battery staple" makes this point.
Is my password sent anywhere?+
No. All computation runs locally in your browser. The password is never uploaded, logged, or stored. You can also disconnect from the network and the tool still works.
What about pwned-password breach lists?+
This tool checks character composition only, not breach databases. For a "has this password been pwned?" check use haveibeenpwned.com/Passwords (k-anonymous API — your password is hashed locally and only a prefix is sent).

Related calculators

More tools you might like

Hand-picked tools that pair well with this one — same audience, same intent.