The mathematics of security: How to calculate the entropy of your passwords
Discover the concept of cryptographic entropy and why length is much more important than complexity when designing your passwords.
The mathematics of security: How to calculate the entropy of your passwords
The strength of a password is not based on how "rare" it is for you, but on how much mathematical resistance it offers against an automated brute force attack. This measurement is known in cryptography as password entropy.
The entropy formula
Information entropy (measured in bits) is calculated with the following equation:
$$E = L \times \log_2(R)$$
Where:
- L: Is the total length of the password (number of characters).
- R: It is the size of the repertoire of available characters (e.g. lowercase = 26, lowercase + uppercase = 52, with numbers = 62, etc.).
Since the length ($L$) acts as a direct multiplier on the logarithm of the repertoire size, increasing the number of characters has a drastically greater impact on security than adding extraneous symbols to an 8-character key.
To analyze your credentials and mathematically estimate the decryption time, you can use our local tool:
Enter any phrase or password and instantly discover its exact entropy bits and actual security level against supercomputers.
