EN 中文

Password Strength

Type in a password. Your password will be analysed and you'll get to see some lovely stats.

Input your password

Note, the passwords you input here are not stored anywhere.

Inspiration

This tool utilises a JavaScript script written by Dan Wheeler, a Dropbox employee, and the source code can be found in the GitHub repo here, his inspiration came from the xkcd comic below.

Password strength by xkcd

The theory behind it all

A simple way of measuring password strength is to estimate the entropy, usually converted into a bit-value.

Calculate Entropy for a given string

/**
 * Estimate entropy of given string and cardinality.
 *
 * The cardinality is the size of the symbol space, e.g.
 * a string of all lowercase letters has a symbol space
 * of 26 (one for each letter).
 *
 * @param  string   $string         String to be checked
 * @param  integer  $cardinality    Size of symbol space
 * @return integer                  String entropy (in bits)
 */
function getStringEntropy ($string, $cardinality)
{
    $length = strlen($string);
    $cardinality = 26;

    return $length * log($cardinality, 2);
}

Whilst this estimate is accurate for randomly generated passwords, (think LastPass, KeePass), humans don't come up with randomly generated strings, they use words, keyboard patterns or repeating strings (opensesame, qwerty123 etc.). Other people are a bit more careful with their passwords and may substitute letters of numbers (e.g. 1 for i, 3 for E), but even then, it's pretty trivial for a computer to take these into account.

Prev Project Next Project