Password entropy is a measure of the strength of a password, based on the amount of randomness or unpredictability it contains. A password with high entropy is more difficult to guess or crack than a password with low entropy. There are several factors that contribute to the entropy of a password:

1. Length: A longer password will generally have higher entropy than a shorter password, as it has more possible combinations of characters.
2. Character set: A password that uses a larger character set (e.g. a mix of letters, numbers, and special characters) will generally have higher entropy than a password that uses a smaller character set (e.g. just letters).
3. Randomness: A password that is randomly generated will generally have higher entropy than a password that is chosen by a person, as it is less likely to contain patterns or be based on easily guessable information (e.g. a dictionary word).

To calculate the entropy of a password, you can use a password strength calculator or entropy calculator. These tools take into account the length and character set of the password, as well as other factors such as the frequency of use of different characters.

In general, it is recommended to use passwords with high entropy to help ensure the security of your accounts and protect against brute-force attacks and other types of password cracking. Some security experts recommend using passwords with at least 128 bits of entropy, although the exact level of entropy needed will depend on the specific security requirements of the application.

Password entropy is measured in bits and uses the following formula, where C = size of the character set and L = length of the password:

```
log(C) / log(2) * L
```

To calculate the time to crack, just use the benchmarking function on your favorite cracking software against your mode of hash to obtain cracks per second.
The table below estimates the time to crack by password length for an MD4 hashing function on an 8-GPU Nvidia GTX1080 system:

| Length | Alphanumeric (0-9, a-z, A-Z) | Time to Crack (350 GH/s) |
| ------ | ---------------------------- | ------------------------ |
| 8 | 47 bits | ~15 Mins |
| 9 | 54 bits | ~14 Hours |
| 10 | 59 bits | ~457 Hours |
| 11 | 65 bits | ~3.3 Years |
| 12 | 71 bits | ~214 Years |
| 13 | 77 bits | ~13,690 Years |
| 14 | 80 bits | ~109,500 Years |
| 15 | 89 bits | ~56,080,000 Years |
| 20 | 119 bits | Doesn't Matter |

*Table only truly matters for randomly generated passwords*
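
The formula and the benchmark-rate approach above, worked through in Python as an added example (not code from the original page): it computes entropy for the alphanumeric set, the worst-case time to exhaust the keyspace at the page's 350 GH/s figure, and the minimum random-password length for a target such as 128 bits. The function names are illustrative assumptions, and the printed times come straight from the formula, so they need not equal the table's estimates.

```python
import math
import secrets
import string

ALPHANUMERIC = string.digits + string.ascii_letters  # 0-9, a-z, A-Z -> C = 62
RATE_MD4 = 350e9  # guesses per second: the page's 350 GH/s benchmark figure


def entropy_bits(charset_size: int, length: int) -> float:
    """Page formula: log(C) / log(2) * L. Only valid for uniformly random passwords."""
    return math.log(charset_size) / math.log(2) * length


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in a keyspace of 2**bits."""
    return 2.0 ** bits / guesses_per_second


def min_length_for(target_bits: float, charset_size: int) -> int:
    """Smallest L whose entropy reaches target_bits for a charset of size C."""
    return math.ceil(target_bits / math.log2(charset_size))


def generate_password(target_bits: float, charset: str = ALPHANUMERIC) -> str:
    """Draw each character independently from the OS CSPRNG (charset must have no repeats)."""
    length = min_length_for(target_bits, len(charset))
    return "".join(secrets.choice(charset) for _ in range(length))


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for length in (8, 10, 12, 15, 20):
        bits = entropy_bits(len(ALPHANUMERIC), length)
        eta = humanize(seconds_to_exhaust(bits, RATE_MD4))
        print(f"L={length:2d}  {bits:6.1f} bits  exhausted in {eta}")
    pw = generate_password(128)
    print(f"128-bit target -> {len(pw)} characters: {pw}")
```

Replace `RATE_MD4` with the rate your own benchmark reports for the hash mode in question; slow password hashes yield far lower rates than MD4.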