How is password entropy calculated?

Entropy in bits equals log2(charset_size ^ length). For example, an 8-character password using 95 printable ASCII characters has log2(95^8) ≈ 52.6 bits of entropy. Each additional character adds log2(charset_size) bits.

How long would it take to crack my password?

It depends on the hashing algorithm. An RTX 4090 GPU can test 164 billion MD5 hashes per second but only 1.6 million bcrypt hashes. A 52-bit entropy password falls in seconds against MD5 but would take centuries against bcrypt with a high work factor.

What is the zxcvbn algorithm?

zxcvbn is a password strength estimator developed by Dropbox that scores passwords 0-4 by detecting patterns: dictionary words, keyboard sequences (qwerty), dates, l33t substitutions, and repeated characters. It estimates crack time based on realistic attack scenarios rather than just character count.

How Password Strength Is Measured: Entropy, Crack Time, and the zxcvbn Algorithm

A password's strength is not determined by how many special characters it contains or whether it mixes uppercase and lowercase. Strength is a function of entropy — the mathematical measure of unpredictability. This guide explains how password strength is measured, how attackers estimate crack times, and why the conventional wisdom about "complex" passwords is largely wrong.

Entropy: The Mathematics of Unpredictability

Password entropy is measured in bits and calculated using the formula:

entropy = log2(charset_size ^ password_length)
       = password_length × log2(charset_size)

The charset size depends on which character classes appear in the password:

Character Set	Size	Bits per Character
Digits only (0-9)	10	3.32
Lowercase letters (a-z)	26	4.70
Lowercase + digits	36	5.17
Mixed case letters	52	5.70
Mixed case + digits	62	5.95
Mixed case + digits + 32 symbols	94	6.55

An 8-character password using mixed case, digits, and symbols has a theoretical maximum of 8 x 6.55 = 52.4 bits of entropy. That sounds reasonable until the assumption is examined: this formula assumes every character is chosen uniformly at random. Humans do not generate random passwords. They use patterns, dictionary words, keyboard walks, and substitutions (e → 3, a → @) that dramatically reduce effective entropy.

How Attackers Estimate Crack Time

Crack time depends on two factors: the number of guesses required (determined by entropy) and the speed of guessing (determined by the hash algorithm and hardware).

Offline attacks occur when an attacker obtains a database of hashed passwords and can test guesses at hardware speed, without rate limiting. A single NVIDIA RTX 4090 GPU achieves approximately:

164 billion MD5 hashes/second (MD5 is not a password hash — yet Have I Been Pwned data shows it remains widely used)
68 billion SHA-1 hashes/second
~1.6 million bcrypt (cost 10) hashes/second — bcrypt is deliberately slow
~500,000 Argon2id hashes/second — the current OWASP recommendation for password storage

Against MD5, a 52-bit entropy password falls in approximately 2⁵² / 164,000,000,000 = ~27 seconds. Against bcrypt (cost 10), the same password takes approximately 2⁵² / 1,600,000 = ~825 hours on a single GPU. This is why the choice of hash algorithm matters as much as the password itself.

Online attacks are limited by network latency and rate limiting. A well-configured system that locks accounts after 10 failed attempts with exponential backoff makes online brute-force impractical even against weak passwords. The real threat is offline attacks against leaked databases.

Beyond Brute Force: Pattern-Based Attacks

Real attackers do not iterate through every possible character combination. They use optimized strategies:

Dictionary attacks — Testing words from common password lists. The RockYou breach (2009) exposed 32 million plaintext passwords and remains a foundational wordlist. "123456" appeared 290,731 times. "password" appeared 61,958 times.
Rule-based mutations — Applying transformations like appending digits, capitalizing the first letter, or substituting characters (l33tspeak). "password" becomes "P@ssw0rd!", which appears unique but follows a pattern attackers model explicitly. Tools like Hashcat ship with rule sets containing thousands of such transformations.
Keyboard walks — Sequences like "qwerty", "1qaz2wsx", or "zxcvbn" that follow physical keyboard layout.
Date and year patterns — "Spring2024!" or "Company@2023" are common in corporate environments with forced rotation policies.

The zxcvbn Algorithm

The zxcvbn algorithm, developed by Dropbox engineer Dan Wheeler in 2012, addresses the gap between theoretical entropy and real-world password strength. Instead of counting character classes, zxcvbn decomposes a password into the sequence of patterns that produces the lowest total entropy estimate.

It recognizes several pattern types:

Dictionary words — checked against multiple wordlists (English words, common passwords, names, surnames, Wikipedia titles)
l33t substitutions — e→3, a→@, s→$, o→0, etc.
Spatial patterns — keyboard walks on QWERTY, Dvorak, and keypad layouts
Repeats — "aaa", "abcabc"
Sequences — "abcd", "1234", "gfed" (reversed)
Dates — any format (01/01/1990, 19900101, 1-1-90)

The algorithm scores passwords on a 0-4 scale. A password scoring 3 or above (estimated 10⁸+ guesses) is considered resistant to online attacks. A score of 4 (10¹⁰+ guesses) is resistant to offline attacks against slow hashes like bcrypt.

Why "correct horse battery staple" Works

The famous XKCD 936 comic illustrated a key insight: four random common words concatenated produce higher entropy than a short "complex" password while being far more memorable.

Assuming a wordlist of 7,776 words (the size of the EFF diceware list), a four-word passphrase has: log2(7776⁴) = 51.7 bits. Five words: 64.6 bits. Six words: 77.5 bits. This exceeds most "complex" 8-character passwords (52.4 bits maximum, usually far less in practice) while being significantly easier to type and remember.

The critical caveat: the words must be chosen randomly, not by the user. "correct horse battery staple" itself is now in password lists. Human-chosen phrases tend toward common collocations ("love you forever", "the quick brown fox") with far less entropy than random selection.

Current Recommendations

NIST SP 800-63B (2024 revision) and OWASP guidelines have converged on several evidence-based recommendations:

Minimum 8 characters (NIST), with 15+ recommended. OWASP recommends a minimum of 8 with a maximum of at least 64.
No composition rules — Mandatory special characters lead to predictable patterns ("Password1!") and do not improve security. NIST explicitly recommends against composition rules.
No periodic rotation — Forced password changes cause users to make minimal incremental changes ("Summer2024" to "Fall2024"). NIST recommends changing passwords only when compromise is suspected.
Check against breached password databases — The Have I Been Pwned Passwords API contains over 613 million unique breached passwords. NIST requires checking new passwords against such lists.
Use a password manager — Generate unique, random passwords for every account. The one password that must be memorized is the manager's master password — which should be a long random passphrase.

Want to check how a password holds up against pattern-based analysis? The Password Strength Checker uses entropy calculation and pattern detection to estimate crack time against both online and offline attack scenarios — without ever transmitting the password over the network.