A common and easy way to estimate the strength of a password is its entropy.
The entropy is given by $$H = L \log_2{N}$$ where $$L$$ is the length of the password and $$N$$ is the size of the alphabet each character is drawn from, and it is measured in bits. The formula assumes that every character is chosen independently and uniformly at random from that alphabet.
There are $$N^L$$ such passwords, so $$H = \log_2{N^L}$$ is the number of bits needed to index any one password of length $$L$$ over an alphabet of $$N$$ symbols; equivalently, an attacker who knows $$L$$ and the alphabet needs about $$2^H$$ guesses to try them all.

For example, a password of 7 lower-case characters (such as example or polmnni) has an entropy of $$H = 7 \log_2{26} \approx 32.9 \text{ bits}$$.
A password of 10 alpha-numeric characters (such as P4ssw0Rd97 or K5lb42eQa2) has an entropy of $$H = 10 \log_2{62} \approx 59.54 \text{ bits}$$.

Entropy makes it easy to compare password strengths: higher entropy means a stronger password, in terms of resistance to a brute-force attack that tries every combination over the alphabet.

An interesting consequence is that a password usually considered strong, such as f#Mo1e)*TjC8 (entropy $$H = 12 \log_2{72} \approx 74.04 \text{ bits}$$ over an alphabet of 72 symbols), has lower entropy by this measure than a longer password assembled from several words delimited by spaces, such as carrot ways base split (entropy $$H = 22 \log_2{27} \approx 104.61 \text{ bits}$$ over the 26 lower-case letters plus space).
The caveat is that the formula assumes every character is uniformly random. The 104.61 bits hold only against an attacker who tries every 22-character string over that alphabet; an attacker who knows the password is four dictionary words guesses word by word, and four words from a list of 2048 give only $$4 \log_2{2048} = 44$$ bits. The character-level figure is therefore an upper bound, and the lower of the two estimates is the one that matters.
This point was illustrated wonderfully by Randall Munroe in the following picture (although I believe his entropy calculation was different from mine):
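As an added example (this is not the blog's entropy.js, nor Randall Munroe's calculation), the following JavaScript implements the character-level estimate $$H = L \log_2{N}$$ from above and, beside it, the word-level estimate an attacker would use against a passphrase built from a word list. The character-class sizes, the 2048-word list size, the "looks like dictionary words" heuristic and the guess rate of one billion per second are this example's own assumptions, not values from the post.

```javascript
// Added example, not the blog's entropy.js. Two estimates of password
// strength: the post's H = L * log2(N) over the character classes actually
// used, and the word-level estimate H = words * log2(list size) that applies
// when a passphrase is built from dictionary words.

// Assumed character classes and the alphabet size each contributes to N.
// The attacker is assumed to know which classes appear in the password.
const CLASSES = [
  { name: "lower", size: 26, re: /[a-z]/ },
  { name: "upper", size: 26, re: /[A-Z]/ },
  { name: "digit", size: 10, re: /[0-9]/ },
  { name: "space", size: 1, re: / / },
  // Remaining printable ASCII: 95 printable characters minus the 63 above.
  { name: "symbol", size: 32, re: /[!-\/:-@\[-`{-~]/ },
];

// H = L * log2(N): bits needed to index any one of the N^L passwords of
// length L over an alphabet of N symbols, assuming uniform random choices.
function entropyBits(length, alphabetSize) {
  if (length <= 0 || alphabetSize <= 1) return 0;
  return length * Math.log2(alphabetSize);
}

// N for a given password: the sum of the sizes of the classes it uses.
function alphabetSize(password) {
  let n = 0;
  for (const cls of CLASSES) {
    if (cls.re.test(password)) n += cls.size;
  }
  return n;
}

// Character-level estimate, i.e. what a calculator like the post's measures.
// Note that it grows with length even for "aaaaaaaa": it cannot see structure.
function charEntropy(password) {
  return entropyBits(password.length, alphabetSize(password));
}

// Heuristic (assumption): lower-case words separated by single spaces are
// treated as dictionary words. Without a real dictionary we cannot tell a
// random string like "polmnni" from a word, so this errs on the weak side.
function looksLikeWords(password) {
  return /^[a-z]+( [a-z]+)*$/.test(password);
}

// Word-level estimate for a space-delimited passphrase: each word is assumed
// to be picked uniformly from a list of listSize words (2048 is the assumed
// list size for the xkcd example discussed in the comments), so the attacker
// guesses whole words rather than characters.
function passphraseEntropy(phrase, listSize = 2048) {
  const words = phrase.trim().split(/\s+/).filter((w) => w.length > 0);
  return entropyBits(words.length, listSize);
}

// Seconds to find the password at a given guess rate: on average the
// attacker needs half the keyspace, i.e. 2^(H-1) guesses.
function secondsToCrack(bits, guessesPerSecond) {
  return Math.pow(2, bits - 1) / guessesPerSecond;
}

// Side-by-side report for one password. When the word-level estimate
// applies, the lower of the two is the one to trust, because the attacker
// picks the cheaper strategy.
function compare(password, guessesPerSecond = 1e9) {
  const chars = charEntropy(password);
  const words = looksLikeWords(password) ? passphraseEntropy(password) : null;
  const bits = words === null ? chars : Math.min(chars, words);
  return {
    password,
    alphabetSize: alphabetSize(password),
    charBits: Number(chars.toFixed(2)),
    wordBits: words === null ? null : Number(words.toFixed(2)),
    effectiveBits: Number(bits.toFixed(2)),
    crackSeconds: secondsToCrack(bits, guessesPerSecond),
  };
}

// Demo over the post's own examples plus a repeated-character password.
for (const p of ["example", "P4ssw0Rd97", "f#Mo1e)*TjC8",
                 "carrot ways base split", "aaaaaaaaaaaaaaaaaaaaaa"]) {
  console.log(compare(p));
}
```

Run it with node. For carrot ways base split the character-level column reproduces the 104.61 bits from the post, while the word-level column gives 44 bits, which at a billion guesses per second is a few hours rather than a few billion years; the symbol class here is 32 characters, so f#Mo1e)*TjC8 comes out at 94 symbols and about 78.7 bits instead of the post's 72-symbol, 74.04-bit figure.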

## Entropy calculator

I wrote a simple entropy calculator in JavaScript; you can use it online here:


Calculator source: http://blog.shay.co/files/entropy.js.


### 19 Responses to Password Entropy

1. Interesting to see the actual math behind it. No discussion about passwords would be complete though without a comment that people should NEVER keep their passwords in their computer. That is the worst place to keep them.

People should always use a Password Book. I like “The 5th Dimension Password Keeper” that I found on Amazon. But whatever book you use, Never, Never, Never use the same password for more than one account.

2. ernestenbert says:

The picture is using the NIST guidelines for human generated passwords, as they tend to be considerably less random than computer generated ones.

3. Spicy says:

Very interesting article, I changed my passphrases from about 70 bits of entropy to 200

4. Joker! says:

Spicy, are you serious?? 200 bits of entropy?? You use ~25 char pass?? For what reason? A 12-random-char pass is more than enough even if you never change it.

• Chris says:

The whole point is that a passphrase like “This is 1 hard-to-guess password.” (207 bits of entropy) is much harder to guess or bruteforce than a 12-random-char password, while being much easier to remember.

“Only hobos take the bus.”, for example. It’s 146 bits of entropy, but I already know I’ll remember it tomorrow, even though I just made it up on the spot.

Compare that to an equally strong random password: “6&@wPLZz((!tUuInWiu*TTa”.

I’ve already forgotten everything past the 3rd character.

5. Ron says:

Calculator source: http://shay.co/files/entropy.js.
What the link actually points to:
http://b\log.shay.co/files/entropy.js

(I should mention both are incorrect…
http://shay.co/files/entropy.js doesn’t exist
and
http://b\log.shay.co/files/entropy.js
exists and works if you remove the random \)

6. Vooo Beee says:

Did you try to put the passwords from the comic strip into the calculator? The first one gives 69 bits (not 28 as indicated in the comic) and the second 150 (not 44). What is the reason? Are there many different methods to calculate password entropy, or did I miss something?

• Yes, you are correct. I don’t really know which definition was used in the comic, but you can see his calculation.
However, the definition I gave here works, and shows the properties you would want it to have.

• Chris says:

The calculator here deals with the entropy of random characters, while Randall’s comic calculates entropy in a different, more real-worldey way.

“password” isn’t all that secure because it’s a well known word. If you had to pick an 8 letter password and got 20 chances at it, you’d probably pick a list of 20 common 8 letter words. This is where the figures used come from – that the 4 random common words each come from a list of 2048 of the most common words (which is probably an underestimation), and that Troubadour probably appears in a list of the 65536 most common words.

Usually for entropy it makes things simpler to underestimate how secure things are, and to assume that the attacker knows the structure of your password.

There’s a good discussion of this at http://tech.dropbox.com/?p=165 with an example that gets similar results to XKCD at http://dl.dropbox.com/u/209/zxcvbn/test/index.html

7. dtanders says:

E=M*c^2 has more entropy than horsebatteyclip or whatever and I memorized that in fifth grade.

Thank you very much for this post. It is the clearest explanation I have found on this subject.

I have one suggestion on how it could be improved, though. Log2 isn’t something I was aware of and I can imagine most of your readers aren’t either. You should mention that it is the binary logarithm and maybe link to the wikipedia page about it:

http://en.wikipedia.org/wiki/Binary_logarithm

9. Hi there! I just want to give an enormous thumbs up for the good info you’ve right here on this post. I shall be coming again to your weblog for more soon.

10. Loau says:

According to this tool, “qwertyuiop” (51.29 bits) is a better password than “Mkzq!#d@” (48.53 bits).

• Indeed, but you should remember that this tool doesn’t take into account the popularity of phrases.
Some attacks might apply word-popularity methods and similar techniques, and some attacks might use simple brute force, in which case the first password you wrote is in fact better.

If I enter all the same character for my password, the entropy keeps going up and up. How would you adjust the algorithm to make sure the characters are actually sufficiently random?