Password Entropy Calculator (Check Password Strength Online)
Are your access credentials actually secure, or just long? This Password Entropy Calculator uses standard information theory (Shannon Entropy) to mathematically determine the true cryptographic strength of your passwords. It calculates the pool size (uppercase, lowercase, numbers, symbols) and length to give you exact bit-strength and an estimated offline cracking time. This tool runs 100% in your browser; your keystrokes never leave your device.
100% Private & Secure
This tool runs completely inside your browser using client-side WebAssembly and JS. Zero data is ever sent to our servers.
100% Private: Your keystrokes never leave your browser.
Information Entropy
Estimated Crack Time
InstantlyHow to use this tool
- Begin typing your password into the input field.
- Watch the Entropy (bits) score update in real-time as you type.
- Observe the Estimated Crack Time to understand its resilience against brute-force attacks.
- Check the breakdown at the bottom to see your Character Pool Size and Password Length.
Example Usage
password123
41 bits (Weak) - Cracks in 22 Minutes
correct-horse-battery-staple
135 bits (Very Strong) - Cracks in Millions of Years
When to use this tool
- Evaluating database administration or root server access credentials.
- Testing the effectiveness of Diceware or passphrase generation strategies.
- Educating internal employees on why 'P@ssw0rd1' is cryptographically weak despite meeting minimum requirements.
- Verifying the output strength of automated random password generators.
Frequently Asked Questions
What is Password Entropy?
Information Entropy (often measured in bits) is a scientific concept measuring the 'randomness' or unpredictability of data. In cybersecurity, higher password entropy means there are exponentially more possible combinations an attacker must guess to brute-force the password.
How is the Entropy calculated here?
We use the standard Shannon Entropy formula: E = L * log2(R). Where L is the Length of the password, and R is the Pool Size (26 for lowercase, +26 for uppercase, +10 for numbers, +32 for symbols).
How is the 'Crack Time' estimated?
The crack time is a hypothetical metric. It assumes an attacker has stolen your hashed password (like an offline MD5 or SHA-256 hash) and is running a massive parallel GPU rig capable of guessing 100 Billion passwords every single second. The time shown is how long it would take to guess exactly half of all possible combinations in your entropy pool.
Is it safe to type my real password here?
While this tool is technically 100% offline and no data is ever transmitted to our servers, cybersecurity best practices dictate that you should NEVER type your real, highly sensitive production passwords into any web browser form you don't absolutely have to. We recommend testing the *structure* of your passwords, not the exact passwords themselves.