Entropy in bits, full character pool, and brute-force crack time across four attacker speeds, computed locally in your browser
- Runs locally
- Category Developer & DevOps
- Best for Formatting, validating, shrinking, or inspecting code-adjacent text.
Type a password above to see its entropy and brute-force estimates.
What this tool does
A password entropy calculator that turns a password into hard numbers: how many bits of entropy it carries, how large its character pool is, the raw count of possible combinations, and the average time to brute force it at four attacker speeds. Entropy is computed with the standard formula, length times log2 of the character-pool size, so a 12-character password drawn from lowercase, uppercase, digits and symbols lands around 78 bits. Crack time is the average search, half the keyspace, divided by guesses per second: a throttled online login at 1e3 per second, a slow offline hash at 1e9, a GPU rig at 1e12, and a nation-state cluster at 1e15. The result is the theoretical upper bound assuming the password is random. Everything runs in your browser tab with plain arithmetic. The password is never sent anywhere, never stored, and never written into the URL.
Tool details
- Input
- Form fields
- The page exposes text boxes, numeric controls, file pickers, or structured inputs depending on the tool.
- Output
- Live result
- The result area focuses on usable output, with copy, download, or preview actions when supported.
- Privacy
- Browser-side processing
- The main tool logic does not call an external API, so inputs normally stay in the current tab.
- Save / share
- Shareable URL state
- Key settings are encoded in the URL so another person can reopen the same setup.
- Performance budget
- Initial JS <= 9 KB
- No WASM budget is declared, keeping the tool quick to open on mobile.
- Best fit
- Developer & DevOps · Developer
- Category and role tags drive related tools, internal links, and quick fit checks.
How to use
-
1. Input
Paste or drop your content into the tool panel.
-
2. Process
Click the button. All processing is local in your browser.
-
3. Copy / Download
Copy the result or download to disk in one click.
How Password Entropy Calculator fits into your work
Use it in the small gaps between coding, reviewing, debugging, and shipping.
Developer jobs
- Formatting, validating, shrinking, or inspecting code-adjacent text.
- Preparing snippets for documentation, tickets, commits, or handoff.
- Checking a small payload quickly without switching tools.
Developer checks
- Run irreversible transforms like minify or obfuscate on a copy.
- Keep secrets out of pasted snippets unless the tool explicitly stays local.
- Use your normal tests or linter before shipping transformed code.
Good next steps
These links move the current task into a more complete workflow.
- 1 Unit Converter Convert between length, weight, temperature, area, volume, speed, time — instant, browser-only Open
- 2 Number Base Converter Number base converter — binary, octal, decimal, hex, and any base 2-36. Bitwise too. Open
- 3 Password Strength Checker Check password strength — entropy, time-to-crack, breach pattern check (offline). Open
Real-world use cases
Decide how long your next password needs to be
You are setting a master password and want it to outlast offline GPU cracking. Type candidate lengths, watch the entropy and the 1e12 per second crack time climb, and stop when the offline estimate crosses centuries. A 16-character mix of all four classes clears 100 bits and reads as effectively uncrackable by brute force, which tells you the length to commit to before you save it in your manager.
Sanity-check a generated password before trusting it
A generator hands you a string and claims it is strong. Paste it in and read the bits directly instead of taking the badge on faith. If a 14-character output only shows 60 bits, the generator is drawing from a narrow pool; if it shows 90 plus, the keyspace is genuinely wide. The combination count and detected character classes confirm what the generator actually used.
Explain password math to a team or a class
You are walking colleagues through why length beats complexity. Show an 8-character symbol-heavy password next to a 20-character all lowercase one: the longer, simpler password wins on entropy every time. The live bits readout and the four attacker speeds turn an abstract argument into numbers people can see move as you edit the input.
Set a minimum-entropy policy for an application
You need a number for a sign-up rule, not a vague "strong" label. Test the kinds of passwords your users will actually pick, read the bits, and pick a floor, say 50 bits at registration. The crack-time rows show what that floor buys you against each attacker class so the policy is grounded in time, not vibes.
Common pitfalls
Reading the entropy as a guarantee. The number assumes the password is random across its pool. A dictionary word or a name plus a year reports high bits but falls to a wordlist in seconds. The bits are an upper bound for a truly random string, not a verdict on the password you chose.
Chasing complexity instead of length. Adding one symbol to an 8-character password barely moves the bits, but adding 4 more random characters can add over 25 bits. Length is the cheapest entropy. A long all-lowercase passphrase beats a short symbol-stuffed one almost every time.
Trusting the online attack row for stored hashes. The 1e3 per second figure models a throttled login, not a leaked database. If the password hash is stolen, the relevant rows are the offline ones at 1e9 to 1e15, which can be a billion times faster, so judge resistance by those.
Privacy
Every number on this page, the entropy bits, the character pool, the combination count and the four crack-time estimates, is computed by plain JavaScript running inside your browser tab. The password you type is never sent to a server, never written to storage, never logged, and never placed in the URL, so there is no shareable link that could leak it. Close the tab and nothing remains. This is the right place to test a password you actually intend to use.
FAQ
Tool combos
Folks in your role tend to reach for these alongside this tool.
- Add Line Numbers Number every line of pasted text — set start, step and separator, zero-pad to align, skip blanks, or strip numbers back off — browser-only
- AES Text Encryptor Encrypt & decrypt text with a password — AES-256-GCM + PBKDF2 via WebCrypto — 100% in your browser, nothing uploaded
- Affine Cipher Encoder & Decoder Encrypt and decrypt the ax+b affine cipher with live modular-inverse check, browser-only
- Age Difference Calculator The exact gap between two birthdays — years/months/days, percentage, and the date one person is twice the other's age — browser-only