Krill Kits // A swarm of small, sharp tools for letters, numbers, and units.
§ 01 / ARTICLE

Password Entropy. What the Bits Mean.

CATEGORY: GENERATORS · READ: 4 MIN · PUBLISHED: APR 21, 2026

Every password meter you've seen talks about "strength" in vague words like weak, okay, and strong. The honest unit is entropy, measured in bits. It's a precise, logarithmic way of saying "how much work would an attacker need to guess this?" — and each bit doubles that work.

The formula, in one line

Password entropy is log₂(alphabet_size ^ length). In plain English: raise the number of possible characters to the length of the password, then take the base-2 logarithm. The result is a number of bits.

A few concrete examples:

  • 8 lowercase letters — log₂(26⁸) ≈ 37.6 bits. Crackable on a GPU in seconds.
  • 12 mixed-case alphanumeric — log₂(62¹²) ≈ 71.5 bits. Takes modern hardware hours to days.
  • 16 chars with symbols — log₂(95¹⁶) ≈ 105.1 bits. Essentially uncrackable by brute force.
  • 20 chars with symbols — log₂(95²⁰) ≈ 131.4 bits. Beyond cryptographic overkill.

Why each bit doubles the work

Logarithms are the reason. Adding 1 bit means doubling the number of possibilities an attacker has to try. Going from 50 to 60 bits isn't 20% more security — it's 1,024× more (2¹⁰). Going from 60 to 128 is 2⁶⁸ times more, which is a number with 20 zeros.

This is why small-looking changes to a password produce huge gains. One more character from a 95-symbol set adds ~6.6 bits. That means one more character makes the password ~100× harder to brute-force. Attackers don't run out of patience for 10% more work; they run out of patience for 100× more work.


What "weak" and "strong" actually mean

The strength thresholds below assume modern hardware (GPU arrays doing billions of hash attempts per second) and that the attacker has either the leaked hash or an unrestricted online attack surface:

  • Under 60 bits — weak. Crackable in minutes to days on consumer GPUs. Don't use for anything real.
  • 60–79 bits — okay. Takes motivated attackers weeks to months. Fine for low-value accounts if paired with rate limiting and 2FA.
  • 80–127 bits — strong. Effectively uncrackable by any realistic attacker. Good for most accounts.
  • 128+ bits — excellent. Cryptographic-level strength. Reserve for password manager master passwords and encryption keys.

The length vs complexity trade

If you have to choose one, choose length. An added character from a 95-symbol set adds ~6.6 bits. Switching from lowercase (26) to mixed-case+digits+symbols (95) at the same length is a one-time boost — but you only get it once, whereas length keeps paying.

The "correct horse battery staple" approach is mathematically sound: 4 random words from a 7,776-word dictionary is ~51 bits. Push it to 5 words and you're at ~65. Six words gets you ~78 bits — stronger than most "secure" passwords, and dramatically easier to remember.
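The arithmetic from the formula section, the strength bands, and the passphrase numbers above, as an added example (this is not the Krill Kits generator's own code). The class sizes are assumed: 26 + 26 + 10 + 33 symbols = the article's ~95-symbol printable-ASCII alphabet, and the 7,776-word dictionary is the Diceware/EFF size the article cites.

```javascript
// Added example: password entropy in bits for a uniformly random choice,
// computed as length * log2(alphabet), which equals log2(alphabet ^ length)
// but never needs 95 ** 20 to be held as a float.

// Assumed character-class sizes; all four together give the article's ~95.
const CLASSES = { lower: 26, upper: 26, digits: 10, symbols: 33 };

// Alphabet size for a set of enabled classes, e.g. ["lower", "upper", "digits"] -> 62.
function alphabetSize(enabled) {
  return enabled.reduce((n, c) => {
    if (!(c in CLASSES)) throw new Error(`unknown class: ${c}`);
    return n + CLASSES[c];
  }, 0);
}

// Bits of entropy for `length` symbols drawn uniformly from `alphabet` choices.
function entropyBits(alphabet, length) {
  if (!Number.isInteger(alphabet) || alphabet < 1) throw new RangeError("alphabet must be >= 1");
  if (!Number.isInteger(length) || length < 0) throw new RangeError("length must be >= 0");
  return length * Math.log2(alphabet);
}

// Diceware-style passphrase: each word is one symbol from a `dictSize`-word list.
function passphraseBits(words, dictSize = 7776) {
  return entropyBits(dictSize, words);
}

// The article's strength bands: <60 weak, 60-79 okay, 80-127 strong, 128+ excellent.
function strengthLabel(bits) {
  if (bits < 60) return "weak";
  if (bits < 80) return "okay";
  if (bits < 128) return "strong";
  return "excellent";
}

// How many times more work an attacker faces going from `fromBits` to `toBits`: 2^(difference).
function workFactor(fromBits, toBits) {
  return 2 ** (toBits - fromBits);
}

// Demo: the three character-class cases from the article, plus 4-6 word passphrases.
const cases = [[["lower"], 8], [["lower", "upper", "digits"], 12], [Object.keys(CLASSES), 16]];
for (const [classes, len] of cases) {
  const bits = entropyBits(alphabetSize(classes), len);
  console.log(`${len} chars from ${alphabetSize(classes)}: ${bits.toFixed(1)} bits (${strengthLabel(bits)})`);
}
for (const n of [4, 5, 6]) {
  console.log(`${n}-word passphrase: ${passphraseBits(n).toFixed(1)} bits (${strengthLabel(passphraseBits(n))})`);
}
```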

Entropy isn't everything

One big caveat: entropy assumes random choice from the full alphabet. A password you chose yourself — even if it uses 95 possible characters and is 16 long — usually has far less entropy than the theoretical maximum because humans aren't random. We pick familiar patterns, common substitutions (a → @, e → 3), and dictionary words with predictable modifications.

Real-world entropy for a human-chosen password is often 20–30 bits below the theoretical maximum. That's why tools like zxcvbn exist — they try to model human patterns and give a more honest strength estimate. Random generators like this one sidestep the problem entirely: if the generator is cryptographically random, the entropy is exactly what the math says.

§ 02 / FAQ

Questions. Answered.

What is password entropy?
Entropy measures how unpredictable a password is, in bits. It’s calculated as log₂(alphabet_size ^ length). A password with 60 bits of entropy has about 2^60 (≈1 quintillion) possible values. Each bit doubles the attacker’s workload.

How many bits is "safe enough"?
For most accounts: 80+ bits is strong. For anything critical (password manager master, bank, email): aim for 128+. Below 60 bits is weak — modern GPU hardware can brute-force such passwords in days or hours. The exact threshold depends on how the password is stored (hashed or plaintext) and how it’s attacked.

Why does each bit "double" the strength?
Entropy is logarithmic. Adding 1 bit means doubling the number of possible passwords an attacker has to try. Going from 60 to 70 bits isn’t 17% more strength — it’s 1,024× more. This is why small increases in password length or alphabet size produce huge security gains.

Is a longer password always better?
Usually yes. Adding one lowercase character (26 possibilities) adds ~4.7 bits. Adding one uppercase+lowercase+digit+symbol character adds ~6.6 bits. Length wins over complexity if you have to pick one — "correct horse battery staple" is stronger than "Tr0ub4dor".

What about passphrases vs random passwords?
A 4-word passphrase from a 7,776-word dictionary (like EFF’s list) has log₂(7776^4) ≈ 51 bits. A 5-word passphrase has ~65 bits. A 6-word passphrase has ~78 bits. That’s strong enough for most uses, and vastly easier to remember than a 12-char random string.

How is this tool’s password strength calculated?
The same way: log₂ of the alphabet size raised to the length. Lowercase-only alphabet = 26 symbols. Add uppercase = 52. Add digits = 62. Add standard symbols = ~95. The more character classes enabled, the higher the per-character bit contribution, and the higher the total entropy for a given length.