Entropy (Password)
A bits-of-uncertainty measure of how hard a password is to guess: log2 of the number of possible candidates given the character set and length.
Password entropy is measured in bits and represents log2 of the size of the candidate space an attacker must search. A truly random 8-character password from a 95-character set has log2(95^8) ≈ 52 bits; a Diceware passphrase of 6 words from a 7,776-word list has log2(7776^6) ≈ 77 bits. The catch: entropy only applies to truly random selection. "P@ssw0rd1!" looks 80-bit by naive math but has near-zero real entropy because attackers prioritise it. NIST SP 800-63B-4 abandons composition rules in favour of length and breach-list screening, recognising that user-chosen passwords almost never reach their notional entropy.
Reference
Related terms
See also
Referenced on
- API Key Generator
- Bcrypt Generator & Verifier
- Complete Guide to DNS Attacks and DNS Security (Prevention, Testing & Mitigation)
- Diceware Passphrase Generator
- DNS Over HTTPS Abuse: How Encrypted DNS Creates Security Blind Spots
- DNS Tunneling Attack: How Data Is Smuggled Through Port 53
- HMAC Generator
- JWT Secret Generator
- Memorable Password Generator
- Password Strength Checker Free Online
- Password Tools
- PIN Generator
- Strong Password Generator
- What Is DNS Cache Poisoning? How It Works and How to Prevent It
- WiFi Password Generator