Password Entropy & Cracking

Visualize the math behind password security. See how entropy works and how quickly modern hardware can crack your secrets.

Generator

16

Entropy Strength

0 bits

Start typing...

Time to Crack (NTLM Hash)

iPhone 15

Mobile CPU

Instant

25 GH/s

Gaming Grid

1x RTX 4090

Instant

200 GH/s

Botnet

10k Compromised PCs

Instant

10 TH/s

NSA Array

Theoretical Supercomputer

Instant

1 PH/s

*Estimates based on NTLM hash speeds (Windows passwords), which are fast to crack. Slower hashes like bcrypt/Argon2 would take significantly longer.

Why Passphrases?

For years, we were taught to use "Complex" passwords like Tr0ub4dor&3. The problem? Computers are great at guessing these substitutions, but humans are bad at remembering them.

Tr0ub4dor&3 ~28 bits (Weak)
correct horse battery staple ~44 bits (Strong)

This "Passphrase" strategy is now recommended by NIST SP 800-63B and popularized by XKCD 936.

The Power of Length

entropy is calculated using the formula:

Entropy = Length × log₂(Pool Size)

Because Length is a multiplier, it has a massive effect.

  • + Adding 1 Symbol (like $ or !) adds only ~6 bits of entropy.
  • + Adding 1 Word (like "battery") adds ~13 bits of entropy.

*A random dictionary word is harder to guess than a single special character.