Password Combination Calculator

Estimate entropy, possible combinations, and brute-force time for a uniformly random password configuration.

📊 Random-password model only. This calculator assumes uniformly random character selection. Human-created passwords are typically far less random (predictable patterns, common words, repeated substitutions). Estimate uses 1e9 guesses/second as a single scenario. Actual attack rates, dictionary attacks, and breached-password databases can be much faster/slower.

Last updated: March 2026 | Security Tool

Password Configuration

Password Length (1-128)

Character Sets

Lowercase (a–z)(26)Uppercase (A–Z)(26)Digits (0–9)(10)Symbols(33)

Custom Characters (optional)

Random-Model Entropy

78.8

bits

Pool Size

log₁₀

23.73

Combinations

2e+1

Crack Time

1.71e+7 years

Random-Model Rating

⚠ Moderate

What is Password Entropy?

Password entropy measures the strength and unpredictability of a password. It's calculated as log₂(pool size ^ length), where "pool size" is the number of unique characters available and "length" is the number of characters in the password. Higher entropy means a stronger, harder-to-crack password.

According to current security standards, a password with 80+ bits of entropy is considered very strong and would take millions of years to crack using brute force. Passwords with 50-79 bits are moderate strength, while anything below 50 bits is considered weak. This calculator assumes an attacker can make 1 billion guesses per second.

Real-world security also depends on other factors beyond entropy, including whether the password is unique, how it's stored (salting and hashing), and whether it's protected against attacks like dictionary guesses or rainbow tables.

How to Use This Calculator

Step-by-Step

Step 1: Enter your desired password length (1-128 characters)

Step 2: Select which character types you'll use (lowercase, uppercase, digits, symbols)

Step 3: Optionally add custom characters like accented letters or emojis

Step 4: View your entropy, estimated cracking time, and strength rating

Character Pools

Lowercase: a-z (26 chars)

Uppercase: A-Z (26 chars)

Digits: 0-9 (10 chars)

Symbols: !@#$%^&*()_+-=[]{};':"\|,.<>?/ (33 chars)

Example Calculations

8 character lowercase-only password

Pool: 26 | Entropy: 37.6 bits | Strength: Weak

12 character mixed case + digits

Pool: 62 | Entropy: 71.2 bits | Strength: Moderate

16 character fully mixed + symbols

Pool: 95 | Entropy: 104.7 bits | Strength: Very Strong

Frequently Asked Questions

How much entropy do I need?

For most purposes, 70-80 bits is sufficient. For highly sensitive systems, aim for 100+ bits. Anything below 50 bits is considered weak and vulnerable to modern attacks.

Why does length matter more than complexity?

Length has exponential impact on entropy. A 16-character all-lowercase password is stronger than an 8-character password with all character types.

Does adding symbols significantly help?

Symbols increase pool size from 62 to 95 characters, adding about 5.6 bits of entropy per character. They help, but increasing length is usually more effective.

What about dictionary attacks?

This calculator assumes random passwords. Dictionary words are much weaker because attackers use word lists, not brute force. Always use random characters or passphrases.

Are 1 billion guesses/second realistic?

Yes, GPUs can make 1+ billion guesses per second offline. This assumes worst-case: password is hashed and stored locally without rate limiting.

Does this account for hashing?

No, this shows raw cracking time. Good password hashing (bcrypt, Argon2) makes cracking MUCH slower by design, providing additional protection.

Should I use this for online accounts?

This calculator is useful for estimating strength, but online accounts have rate limiting and lockouts that make cracking much harder. Never reuse passwords.

Why not use passphrases instead?

Passphrases can be very strong and memorable, but this calculator assumes random characters. For passphrases, use a different tool designed for word combinations.

Related Tools

Password Strength Checker

Check password security.

Password Entropy Calculator

Calculate password strength.

Caesar Cipher Shifter

Encode with Caesar cipher.

RSA Calculator

RSA encryption demo.

LFSR Calculator

Linear Feedback Shift Register.

Hamming Code Calculator

Generate error correction codes.

Browse all Tech Tools →