·crypto
Password Entropy Meter
Compute password strength via Shannon entropy. Detect character classes, project crack time for four attacker profiles. Nothing leaves your browser.
password · entropy · security
Compute password strength via Shannon entropy. Detect character classes, project crack time for four attacker profiles. Nothing leaves your browser.
password · entropy · security
The intuition for "strong password" misleads. Tr0ub4dor&3 is weak; correct horse battery staple of four words is strong. Reason: entropy scales with character count × alphabet size, not with how scrambled it looks.
This lab applies the Shannon entropy formula () live and projects crack time for four attacker profiles.
bcrypt/Argon2 kullanan sistemlerde GPU saldırısı saniyede binlerle sınırlıdır. MD5/SHA-1 ile hash'lenmiş parolalar milyarlarca deneme/saniye ile kırılabilir.
Modulo bias önlemi: cutoff = floor(2³²/N)×N, cutoff üstü değerler reddedilir. Fisher-Yates shuffle + zorunlu charset coverage.
H ≈ 75 bits) is stronger than an 8-char mixed one (H ≈ 53 bits)The lab shows a "best case" entropy — assumes the password was chosen uniformly at random over its alphabet. Real passwords are not uniform — Password123! looks like 73 bits but is one of the first guesses in any wordlist; an actual attacker breaks it in seconds. Dictionary resistance is a separate axis (libraries like zxcvbn try to model it).
Practical takeaway: if you picked the password yourself it's weak; let a password manager generate it. 16+ chars, four classes, off-dictionary.