Password Entropy Calculator


Estimate a password's theoretical entropy (in bits) from charset size N and length L, plus the number of combinations and a rough crack time.

1. Parameters
Shortcuts: common lengths 8 / 12 / 16 / 20
Length means the number of characters. For example, Ab3$ has length 4.
N is the number of possible characters at each position. For example, digits only gives N=10; upper- and lowercase letters plus digits (A-Z, a-z, 0-9) gives N=62.
Note: real passwords often contain patterns (birthdays, keyboard sequences, repeats), which significantly reduce real-world security.
Typical reference: online login guessing is usually much slower; offline hash cracking can be faster (depending on algorithm and hardware).
This rate is only for a sense of scale. Real attacks are also constrained by rate limits and lockout policies, hash cost (e.g. bcrypt/argon2), dictionary and rule-based attacks, etc.
3. Notes

What does it mean?
Password entropy is commonly used as a theoretical upper bound on randomness/uncertainty. This tool uses the most common idealized model: each character is chosen independently and uniformly at random from the character set. Under this assumption, a password of length L over a character set of size N has N^L combinations, and its entropy in bits is log2(N^L) = L · log2(N).

  • How to choose N? Checking the character sets (lowercase/uppercase/digits/symbols) is a common approximation. If your system only allows certain characters (for example, it disallows spaces or some symbols), enter the value directly with “Custom N”.
  • Why is this only “theoretical” entropy? In practice users pick predictable patterns: birthdays, the last digits of a phone number, name initials, keyboard walks (qwerty), repeats (aaaa), substitution rules (a→@), and so on. All of these make the real search space far smaller than N^L.
  • How to read crack time? The tool gives an order-of-magnitude estimate as “combinations ÷ guess rate”, and by default shows the common intuition that on average half the space must be searched (average attempts are about 50%). In the real world, attackers usually try dictionary and rule-based attacks first, so many passwords that “look high-entropy” can still fall quickly.
  • Practical upgrades: for improvements closer to real-world security, prefer long passphrases, enable MFA/2FA, and make sure the server uses a slow hash (bcrypt/argon2/scrypt) with sensible login rate-limiting and lockout policies.
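
The formulas above as an added example (not the calculator's own code): it derives N from the character classes a password uses, then computes L · log2(N), the average crack time, and the minimum length for a target entropy. The 32-symbol class, the two guess rates and the 7776-word list are assumptions of this example; the passphrase row goes beyond the page by applying the same formula with words as the positions.

```python
import math
import string

# The four checkbox classes; counting symbols as the 32 ASCII punctuation
# characters is an assumption of this example.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """N under the checkbox approximation: sum of the classes the password uses."""
    if not password or set(password) - set("".join(CLASSES)):
        raise ValueError("empty or outside the four classes: supply a custom N")
    return sum(len(c) for c in CLASSES if set(password) & set(c))

def entropy_bits(n, length):
    """log2(N^L) = L * log2(N); holds only for independent, uniform choices."""
    return length * math.log2(n)

def avg_crack_seconds(n, length, guesses_per_second):
    """Half the space divided by an integer guess rate, in exact integer arithmetic."""
    return n ** length // (2 * guesses_per_second)

def min_length(target_bits, n):
    """Smallest L whose theoretical entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(n))

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds} seconds"

if __name__ == "__main__":
    # Constructed rates for scale only: throttled login vs. fast offline hash.
    rates = {"online": 10, "offline": 10 ** 10}
    # (label, N, L); the last row treats words from an assumed 7776-word list
    # as the positions, so N is the list size and L the word count.
    cases = [("Ab3$", charset_size("Ab3$"), 4), ("12 random of 94", 94, 12),
             ("4 random words", 7776, 4)]
    for label, n, length in cases:
        times = ", ".join(f"{k}: {humanize(avg_crack_seconds(n, length, r))}"
                          for k, r in rates.items())
        print(f"{label:16} {entropy_bits(n, length):6.1f} bits  {times}")
    print("length needed for 80 bits at N=62:", min_length(80, 62))
```

The figures are upper bounds: they apply only when every position really is chosen uniformly at random, which is why a generated password or passphrase fits the model and a human-chosen one does not.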

Disclaimer: This tool is for learning and estimation only and does not constitute a security audit or compliance advice. Password policies, hash algorithms and defenses vary widely between systems.