How Secure Is My Password? Entropy, Crack Times, and What Actually Matters

“Is my password strong enough?” is the wrong question. The right question is: how long would it take to crack, against what attack model, protecting what data hashed with what algorithm? Vague strength meters on registration forms don’t answer that. This post does.

The Password Generator on this site gives you the raw material. This post explains the math behind why certain choices matter and others don’t.

What entropy actually measures

Password strength is measured in bits of entropy — the number of binary decisions an attacker has to make to find your password by exhaustive search. The formula is:

entropy = log2(charset_size ^ length)
        = length × log2(charset_size)

So for a password of length L drawn randomly from a character set of size N:

Character set	Size (N)	log2(N) bits per character
Lowercase only (a–z)	26	4.70
Lowercase + uppercase	52	5.70
Alphanumeric (a–z, A–Z, 0–9)	62	5.95
Full printable ASCII (inc. symbols)	95	6.57

A random 12-character password using full printable ASCII: 12 × 6.57 = ~79 bits. A random 8-character password from the same set: 8 × 6.57 = ~53 bits. Those 4 extra characters add 26 bits — meaning roughly 67 million times more guesses required.

Entropy is only meaningful for randomly generated passwords. Human-chosen passwords are not random. People cluster around birthdays, keyboard patterns, and dictionary words. When entropy calculations show up in this post, they assume a random draw from the stated character set.

Real crack speeds: hashcat on RTX 4090

The attacker’s bottleneck is the speed at which a compromised hash can be guessed. That speed depends entirely on which algorithm hashed the password. These are real hashcat benchmark numbers on a single RTX 4090 GPU:

Algorithm	Hashes per second	Notes
MD5	~68 billion	Raw MD5, no salting
SHA-1	~22 billion	Equally unsuitable for passwords
SHA-256	~10 billion	Still catastrophically fast for passwords
bcrypt (cost=12)	~184,000	Designed to be slow
Argon2id	~600–6,000	Depends on memory/time parameters

The takeaway is not subtle: MD5 and SHA-family algorithms were designed for speed. On a single consumer GPU, an attacker can test 68 billion MD5 passwords per second. bcrypt at cost 12 gets 184,000. That is a factor of 370,000. A password that would take 10 years against bcrypt falls in under 15 minutes against MD5.

This is why the algorithm matters as much as the password length. If the site storing your password uses MD5 (or worse, unsalted MD5), your password needs to be exceptional to survive a breach. If it uses bcrypt cost 12 or higher, you have breathing room.

For more context on algorithm choice, see MD5 Is Dead. Use These Instead.

Crack time estimates by entropy level

The table below shows estimated crack times against a bcrypt (cost=12) hash on one RTX 4090, at 184,000 hashes/second. This is realistic for a single-GPU offline attack after a database breach.

Entropy (bits)	Example	Guesses required (avg)	Time at 184k/s
30	6-char lowercase	~500 million	~46 minutes
40	8-char lowercase	~550 billion	~35 days
50	8-char alphanumeric	~562 trillion	~97 years
60	10-char full ASCII	~576 quadrillion	~99,000 years
70	12-char full ASCII	~590 quintillion	~101 million years
80	14-char full ASCII	~604 sextillion	~104 billion years
128	4-word Diceware	~170 undecillion	heat death

At 50 bits against bcrypt, you’re at 97 years on a single consumer GPU. A well-funded attacker with 100 GPUs cuts that to under a year. At 60 bits, that same 100-GPU rig would need 1,000 years. At 70+, practical cracking stops.

The implication: 70 bits is a reasonable minimum for modern passwords protecting accounts that matter. A 12-character random password from full ASCII gives you ~79 bits. A 15-character random alphanumeric password gives you ~89 bits.

Why length beats complexity

The single most effective thing you can do for password security is add length. Here’s why, concretely:

• 8-character full ASCII: 8 × 6.57 = ~53 bits
• 12-character lowercase only: 12 × 4.70 = ~56 bits
• 12-character full ASCII: 12 × 6.57 = ~79 bits

Adding complexity (special characters) to a short password adds a few bits per character. Adding length multiplies the search space. A 12-character lowercase-only random password is meaningfully stronger than an 8-character password with symbols, numbers, and uppercase.

Conversely, requiring users to add ! at the end of their existing password adds essentially zero entropy. Attackers’ dictionaries include the common substitutions: p@ssw0rd!, P4$$word, S3cur1ty!. Rules-based password mutation is a standard part of dictionary attack tooling in hashcat.

Passphrase vs password: the Diceware case

A 4-word Diceware passphrase — drawn from a 7,776-word list by rolling five dice four times — has:

entropy = log2(7776 ^ 4) = 4 × log2(7776) ≈ 4 × 12.92 ≈ 51.7 bits

That’s modest. 5 words gives ~64.6 bits. 6 words gives ~77.5 bits.

The practical argument for passphrases is memorability. correct-horse-battery-staple is genuinely random (each word was chosen by dice roll, not by the user’s brain) and humans can remember it where they can’t remember Kx!9mQ2#vL. That memorability advantage disappears if you use the passphrase across multiple sites or allow small variations.

Passphrases are not inherently stronger than passwords of equivalent entropy — the math is the same. They’re a different trade-off: lower entropy per character, higher entropy per unit of memorability.

For passwords you don’t need to memorize (which should be most of them — use a password manager), randomly generated character strings are more entropy-dense. A 16-character random password from lowercase + uppercase + digits gives 16 × 5.95 ≈ 95 bits. You’d need a 7-word Diceware passphrase to beat that.

When passphrases make sense

• Master passwords for password managers (needs to be memorized, very high stakes)
• Disk encryption passphrases (same)
• SSH key passphrases

Everywhere else: use your password manager to generate and store a long random string. You don’t need to remember it.

What makes a password bad

The entropy formula only applies to randomly generated passwords. Human-chosen passwords compress dramatically because people are predictable. In an offline attack, the attacker doesn’t start at aaaaaaaa and count up — they start with:

Dictionary attacks

A dictionary attack uses wordlists: common words, names, sports teams, song lyrics, movie titles, passwords from previous breaches. The RockYou2024 wordlist has over 10 billion entries. If your password is a word or phrase that appears in any text on the internet, it will be in the dictionary.

A 20-character sentence like ilovemydog has 10 characters but is trivially crackable — not because it’s short, but because it’s composed of predictable words.

Keyboard walks

qwerty, asdfghjkl, zxcvbnm, 1qaz2wsx, qwertyuiop. Keyboard-pattern passwords are in every serious wordlist. So are their capitalizations, number replacements, and symbol additions.

Known breach lists

After a breach is leaked, cracked passwords are recycled into wordlists for future attacks. HaveIBeenPwned has over 800 million compromised passwords in its database. The HaveIBeenPwned API lets you check whether a given password hash has appeared in known breaches without transmitting the actual password.

Any reasonable password policy today should include a breach-list check. A randomly generated 6-character password has far less absolute entropy than Password123, yet Password123 is in every wordlist and cracks in milliseconds.

Character substitutions

P@ssw0rd contains no entropy that Password doesn’t, from an attacker’s perspective. Mutation rules applied to dictionary words (leet substitutions, trailing numbers, leading capitals, appended special characters) are table stakes in any cracking campaign.

A practical framework

Given all of the above, here’s what “strong” actually means:

Minimum for low-stakes accounts (forums, newsletters): 12+ characters, randomly generated, stored in a password manager. This gives ~79 bits against full ASCII. Not worth hand-crafting.

Minimum for high-stakes accounts (email, banking, cloud infra): 16+ characters, randomly generated. At 16 full ASCII characters, you have ~105 bits. Against bcrypt cost 12, this is computationally infeasible to crack.

Memorized passwords (master password, disk encryption): 6-word Diceware minimum (~77.5 bits), or 12+ characters if you can memorize them reliably. Write nothing down that isn’t itself stored securely.

Never: dictionary words with substitutions, keyboard patterns, names + birthdays, any password you’ve used before.

The Password Generator generates cryptographically random passwords and passphrases entirely in your browser. Nothing leaves your device.

Further reading

• MD5 Is Dead. Use These Instead. — the algorithm side: why the hashing function matters as much as the password
• JWT Security Checklist for 2026 — credential handling in auth systems
• OWASP Authentication Cheat Sheet
• EFF Diceware Passphrase Wordlist — the standard reference for generating passphrases with physical dice