What entropy bits are, and why we won't give you a percentage

Published on by David Carrero

A strength percentage is an opinion with two decimal places.

When a website tells you your password is “92% secure,” the obvious question is: 92% of what? What’s the 100%? It doesn’t exist. Nobody has ever published the perfect password that everything else is measured against. That number comes out of some scoring rule improvised on a Tuesday — so many points for the capital, so many for the symbol — and its only real job is to turn the little bar green so you’ll move on.

Bits, on the other hand, always mean exactly the same thing. And they mean something you can use.

A bit is a yes-or-no question

The whole idea fits in one sentence: every bit doubles the number of guesses someone who knows nothing about you needs.

One bit is two possibilities. Two bits are four. Three, eight. Ten bits are 1,024 and twenty bits are a bit over a million. The count doesn’t climb, it doubles, and doubling is what sends intuition off a cliff.

That’s why “40 bits is twice as good as 20” is wrong in an almost funny way. Between 20 and 40 bits there are twenty doublings, that is, a factor of 2²⁰: 40 bits isn’t twice 20, it’s a million times more. And 60 bits isn’t three times 20: it’s a million times more than 40. Our heads read that scale like a tape measure, and it isn’t one. It’s a scale like the one for earthquakes or decibels, where a tiny step in the number is a brutal leap in reality.

That’s the entire advantage of the bit over the percentage. The percentage gives you a feeling. The bit gives you an amount of work.

Where the word comes from

The word entropy, applied to information, comes from a 1948 paper: A Mathematical Theory of Communication, by Claude Shannon.

It’s worth being precise about this, because it gets misquoted a lot: Shannon wasn’t thinking about passwords. There were no computer passwords worth mentioning. He was at Bell Labs working on a very different problem — how much information a message actually carries, and how far you can compress it before it breaks — and he needed to measure something slippery: the uncertainty of the person on the other end.

His finding, put bluntly, is that information and surprise are the same thing. A message you already knew tells you nothing. A message you couldn’t possibly have anticipated tells you a great deal. Entropy measures how much surprise there is in the source producing the messages, and it’s measured in bits.

That this turns out to be useful for passwords is almost a happy accident. A password is, precisely, a message that has to be impossible to anticipate.

The lock with the little wheels

Here’s the only formula in this article, and I promise it’s free:

H = L × log₂(N)

Forget the logarithm for a second and picture one of those bike locks with the spinning number wheels. You have two ways to make life harder for whoever wants to open it:

  • Add more wheels. That’s the length (L): how many characters your password has.
  • Put more symbols on each wheel. That’s the alphabet (N): whether each wheel carries just the ten digits, or the 26 letters, or letters and numbers and punctuation.

The logarithm does exactly one thing: it translates “how many symbols a wheel carries” into “how many bits that wheel contributes.” A 26-letter wheel contributes about 4.7 bits. A wheel with all 95 printable characters on the keyboard contributes about 6.6.

And there’s the joke. Look at where each thing sits in the formula. The alphabet is inside the logarithm, squashed flat; the length is outside, multiplying.

Nearly quadrupling the symbols on every wheel — from 26 letters to 95 characters — buys you less than two bits per wheel. Adding one more wheel buys you a whole log₂(N), again, and again, and again. That’s why twelve lowercase letters and nothing else (about 56 bits) beat eight characters with the capital, the number and the symbol the signup form demanded (about 53). P@ssw0rd loses to correcthorsebatterystaple, and it isn’t even close.

NIST, in SP 800-63B, arrived at the same place by another road: it threw composition rules overboard — one capital, one number, one symbol — and kept length plus checking the password against breach lists. It’s worth not putting words in its mouth: its argument isn’t this one about the formula, it’s that forcing people to jam in a symbol doesn’t make them unpredictable, it just makes them predictable in a different way. In fact, the document itself is wary of estimating the entropy of a human-chosen password. Two different lines of reasoning, the same conclusion. Mandatory complexity works inside the logarithm. Length works outside.

The fine print almost nobody mentions

There’s a catch, and it’s the honest part of all this: entropy doesn’t measure your password, it measures the process that made it.

4$Kp!9zQ doesn’t have those 53 bits because it looks hard. It has them if — and only if — it came out of a genuinely random draw among the 95 keys. If you typed it yourself trying to look random, the formula doesn’t apply: you are not a random draw. You put the capital first, the number last, and the symbol is a !. Whoever attacks you doesn’t try all 95 options in every position: they try the ones people actually pick first.

That’s where the uncomfortable asymmetry of password security comes from. Entropy is a ceiling, not a floor. If a machine generates it, the ceiling is real. If you choose it, all you know is that you’re below it, and you don’t know by how much.

That’s why there are two tools and not one. The generator does a real draw, and that’s why it can show you the bits with a straight face: it knows how many wheels it has (L), it knows how many symbols each one carries (N), and it does the multiplication in front of you. Move the slider and watch the number climb, and you’re watching L push. The checker, on the other hand, can’t do that with a password that already exists: it has no idea how it was born, so it does the only sensible thing, which is to look for it in dictionaries, names and keyboard patterns and assume the worst.

What to take away

Three sentences:

  • A bit is a doubling. Ten more bits is a thousand times more work; twenty more bits, a million.
  • Length multiplies, the alphabet barely adds. Adding a word is worth more than adding an exclamation mark.
  • Bits only count if the randomness is real. A machine can promise them. You, typing by hand, can’t.

Shannon was after how much surprise fits in a message. Seventy-odd years later, it turns out that was exactly the right question to ask about a password: not whether it looks complicated, but how much surprise it carries for someone who doesn’t know you at all.


Sources: C. E. Shannon, “A Mathematical Theory of Communication,” Bell System Technical Journal, 1948 · NIST SP 800-63B, Digital Identity Guidelines (Authentication and Lifecycle Management) · the password.es generator, which computes H = L × log₂(N) and shows L, N and the resulting bits.

← Back to the blog