Skip to content
Related Articles

Related Articles

Password Entropy in Cryptography
  • Last Updated : 16 Feb, 2021

Password Entropy is the measure of password strength or how strong the given password is. It is a measure of effectiveness of a password against guessing or brute-force attacks. It decides whether the entered password is common and easily crack-able or not. It is calculated by knowing character set (lower alphabets, upper alphabets, numbers, symbols, etc.) used and the length of the created password. It is expressed in terms of bits of entropy per character.

Calculation of total number of possible passwords :

In this, you will see how to calculate the total number of possible passwords which can be created with a given character set with the help of examples. 

Example-1 : 

Consider the following password policy of an information system where users are required to create their password with at least 5 characters and at most 7 characters from the character set with lowercase letters a-z, uppercase letters A-Z and digits 0-9. Calculate the total number of possible passwords which can be created from it.



Solution – 

Total characters = 26(a-z) + 26(A-Z) + 10(0-9) = 62
Passwords must be between 5 characters to 7 characters
=> P = \Sigma^{7}_{k=5} 62^k\\ = 62^5 + 62^6 + 62^7\\ = 3.5 * 10^{12}   possible passwords.

Example-2 : 

Consider the following password policy of an information system where users are required to create their password with at least 5 characters and at most 7 characters from the character set with lowercase letters a-z, uppercase letters A-Z and digits 0-9. Calculate the total number of possible passwords using at least one digit which can be created from it.

Solution –

Total characters = 26(a-z) + 26(A-Z) + 10(0-9) = 62
Passwords which can be formed without using any digit = 62 - 10 (0-9) = 52
Passwords must be between 5 characters to 7 characters with atleast one digit
=> P =\Sigma^{7}_{k=5} 62^k -  \Sigma_{k=5}^{7} 52^k\\= 3.5 * 10^{12} - 1.048 * 10^12 \\= 2.45 * 10^{12}  
 possible passwords.

Example-3 : 

Now assume that attacker uses a machine with a test capacity of cracking 2.5 million passwords/second and on an average success is achieved if it can test 75% of the overall number of the password. Then calculate the time required by the attacker to crack the password in example 2.

Solution –

Time required = Total number of possible passwords * rate * accuracy
= 2.45 * 10^{12} * \frac{1}{250000} * \frac{75}{100}\\ = 8.67   days

Calculation of password entropy :

In this, you will see how to calculate the password entropy. Password Entropy is calculated by the following formula as follows.

Password Entropy = log_{2}  (number of characters in character set) * length of the password

Example-4 : 

Calculate the password entropy of geeksfg123 chosen from the character set used in example 1.

Solution –

Number of characters in character set = 62
Length of password = 10 (geeksfg123)
Password Entropy = \log_{2} (62) *10\\ = 5.95 * 10\\ = 59.5   bits of entropy per character

Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.

My Personal Notes arrow_drop_up
Recommended Articles
Page :