Password Strength Calculator
Enter a password — entropy is calculated locally. Nothing is uploaded, logged, or transmitted. Estimates use public Hashcat throughput numbers for single-GPU and cloud-cluster attack rates against common hash schemes.
How entropy is calculated
Shannon entropy assumes characters are chosen uniformly from the visible character set. The formula: entropy = length × log2(charset_size). This is an upper bound on the actual entropy — real human-chosen passwords have far less entropy because they cluster around dictionary words, dates, and patterns.
For high-value passwords, generate them randomly with a password manager. A 16-character password drawn from the full character set has 105 bits of entropy, beyond the reach of any realistic compute budget. A 16-character password chosen by a human typically has 40-60 bits of effective entropy due to pattern bias.
Hash schemes compared
- Fast hashes (MD5, SHA-1, NTLM): 25+ billion attempts per second on a single high-end GPU. Use only for non-secret integrity, never for password storage.
- Office / PDF / ZIP AES: ~1M attempts per second on a single GPU. Significant slow-down but still tractable for short passwords.
- WPA / scrypt / Argon2: ~1-3M attempts per second per GPU due to memory-hardness. Strongest practical KDF tier.
- Cloud GPU cluster: Multi-GPU multiplies single-card rates linearly. An 8x RTX 4090 cluster runs at ~25M attempts/sec for AES schemes.
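The entropy formula and the attack rates above combined into one estimate, as an added example that is not the calculator's own code. The function names, the 26/26/10/33 character-class sizes (printable ASCII) and the convention that an average search covers half the keyspace are assumptions; the rates are the figures listed above.

```javascript
// Character-class sizes for printable ASCII (assumption): 26+26+10+33 = 95.
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // punctuation and space
];
// Attempts per second, from the list above (low end where a range is given).
const RATES = {
  "fast hash (MD5/SHA-1/NTLM), 1 GPU": 25e9,
  "Office/PDF/ZIP AES, 1 GPU": 1e6,
  "Office/PDF/ZIP AES, 8x RTX 4090": 25e6,
};

// Pool size = sum of the classes that actually appear in the password.
function charsetSize(pw) {
  return CLASSES.reduce((n, c) => n + (c.re.test(pw) ? c.size : 0), 0);
}

// entropy = length × log2(charset_size); an upper bound, as the text notes.
function entropyBits(pw) {
  const size = charsetSize(pw);
  return size === 0 ? 0 : pw.length * Math.log2(size);
}

// Average search time covers half the keyspace (assumption). Kept in log2
// space so long passwords do not overflow to Infinity.
function log2SecondsToCrack(pw, rate) {
  return entropyBits(pw) - 1 - Math.log2(rate);
}

function humanize(log2Seconds) {
  if (log2Seconds > 200) return "> 1e50 years";
  const s = 2 ** log2Seconds;
  const units = [["years", 31557600], ["days", 86400], ["hours", 3600], ["minutes", 60], ["seconds", 1]];
  for (const [name, div] of units) {
    if (s >= div) return `${(s / div).toPrecision(3)} ${name}`;
  }
  return "< 1 second";
}

function report(pw) {
  const out = { bits: entropyBits(pw) };
  for (const [scheme, rate] of Object.entries(RATES)) out[scheme] = humanize(log2SecondsToCrack(pw, rate));
  return out;
}
// Constructed samples. "Password1!" scores ~66 bits here despite being a
// dictionary pattern, which is why the figure is only an upper bound.
for (const pw of ["12345678", "Password1!"]) console.log(pw, report(pw));
```
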
Can't open a password-protected file?
If the file's encryption is weak (40-bit PDF/Office) or the password is short, recovery is realistic. Run a free analysis to find out.
