Answer Key to Calculating Password Entropy
Password strength is determined with this chart:
< 28 bits = Very Weak; might keep out family members
28 - 35 bits = Weak; should keep out most people, often good for desktop login passwords
36 - 59 bits = Reasonable; fairly secure passwords for network and company passwords
60 - 127 bits = Strong; can be good for guarding financial information
128+ bits = Very Strong; often overkill
While a password with 40-50 bits of entropy may be semi-safe now, it is only a matter of time until GPUs become more powerful, and password cracking takes less time!
1 - 10 Now calculate password entropy for the following passwords:
E = 37.6 1. password
R = 26 since its pool
of characters is just
the 26 lower case
letters and L = 8
(the length)
E = 45.6 2. Password
R = 52 and L = 8
E = 28.2 3. qwerty
R = 26 and L = 6
E = 31.0 4. abc123
R = 36 and L = 6
E = 76.3 5. MrP*MathPage
R = 82 since it
uses upper and
lower case and
ASCII characters
and L = 12
E = 19.93 6. 123456
R = 10 and L = 6
E = 37.6 7. starwars
R = 26 and L = 8
E = 37.6 8. baseball
R = 26 and L = 8
E = 63.6 9. P33e=7a*E6m
R = 82 and L = 10
E = 76.3 10. Q77a&-2kB4R2
R = 82 and L = 12
R = 20 11. If the password
entropy of an eight
character password
is 34.9 bits,
what is the pool
of characters?
R = 12 12. If the password
entropy of a twelve
character password
is 55.7 bits,
what is the pool
of characters?