Password Entropy
Password entropy measures the strength of a password, expressed as the number of bits needed to represent all of the possibilities. An entropy score of less than 25 identifies a poor password, and between 25 and 50 is a weak password. For 50 to 75 we have a reasonable password, and between 75 and 100 is a very good password. Over 100 is an excellent password. The strength of the password relates to the size of the character set it draws from, and also to the number of characters in the password.
Background
The character sets include:
'abcdefghijklmnopqrstuvwxyz'
'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
'0123456789'
'!@#$%^&*()'
'~`-_=+[]{}\\|;:\'",.<>?/'
The entropy is \(ent=\frac{\log_{10}(N^L)}{\log_{10}(2)} = \frac{L \log_{10}(N)}{\log_{10}(2)}\), where \(N\) is the number of possible characters and \(L\) is the number of characters in the password. For a six-character numeric password, we have 10 different characters (\(N\)) in six positions (\(L\)), and we get:
\(ent=\frac{L \log_{10}(N)}{\log_{10}(2)} = \frac{6 \log_{10}(10)}{\log_{10}(2)} = 19.93\)
For "qwerty" we have six characters, and 26 possible characters for each one:
\(ent=\frac{L \log_{10}(N)}{\log_{10}(2)} = \frac{6 \log_{10}(26)}{\log_{10}(2)} = 28.20\)
For "Qwerty" we have six characters, and 52 possible characters for each one:
\(ent=\frac{L \log_{10}(N)}{\log_{10}(2)} = \frac{6 \log_{10}(52)}{\log_{10}(2)} = 34.20\)
For "Qwerty1" we have seven characters, and 62 possible characters for each one:
\(ent=\frac{L \log_{10}(N)}{\log_{10}(2)} = \frac{7 \log_{10}(62)}{\log_{10}(2)} = 41.68\)
For "Qwerty1!" we have eight characters, and 72 possible characters for each one:
\(ent=\frac{L \log_{10}(N)}{\log_{10}(2)} = \frac{8 \log_{10}(72)}{\log_{10}(2)} = 49.36\)
For "Qwerty1!~" we have nine characters, and 96 possible characters for each one:
\(ent=\frac{L \log_{10}(N)}{\log_{10}(2)} = \frac{9 \log_{10}(96)}{\log_{10}(2)} = 59.26\)
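// Requires the string-entropy package (npm install string-entropy)
const entropy = require('string-entropy');

// process.argv[0] is node and [1] is the script path, so the
// password to score is the first item left after slice(2)
const args = process.argv.slice(2);
const mystr = args[0];

console.log("String:\t\t", mystr);
const res = entropy(mystr);
console.log("Entropy:\t", res);

// Map the score onto the bands described above
if (res < 25) console.log("Poor password");
else if (res < 50) console.log("Weak password");
else if (res < 75) console.log("Reasonable password");
else if (res < 100) console.log("Very good password");
else console.log("Excellent password");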
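The calculation worked through above, as an added example that is not part of the original page and does not use the string-entropy package. It assumes only the first four character sets listed, rejects any other character, and adds a hypothetical `minLength` helper that inverts the formula to give the length needed for a target score.

```javascript
// Added example: ent = L * log2(N) with the first four character sets listed on this page.
const SETS = [
  'abcdefghijklmnopqrstuvwxyz',
  'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  '0123456789',
  '!@#$%^&*()',
];

// N: total size of every set that contributes at least one character.
function poolSize(password) {
  let n = 0;
  const used = new Set();
  for (const ch of password) {
    const idx = SETS.findIndex((set) => set.includes(ch));
    if (idx === -1) {
      throw new RangeError('character outside the four sets: ' + JSON.stringify(ch));
    }
    if (!used.has(idx)) {
      used.add(idx);
      n += SETS[idx].length;
    }
  }
  return n;
}

// Entropy in bits; the empty string has none.
function entropyBits(password) {
  return password.length === 0 ? 0 : password.length * Math.log2(poolSize(password));
}

// Bands as given at the top of this page.
function band(bits) {
  if (bits < 25) return 'Poor';
  if (bits < 50) return 'Weak';
  if (bits < 75) return 'Reasonable';
  if (bits < 100) return 'Very good';
  return 'Excellent';
}

// Hypothetical helper, inverse of the formula: smallest L with L * log2(N) >= targetBits.
function minLength(targetBits, n) {
  return Math.ceil(targetBits / Math.log2(n));
}

// Constructed sample inputs (the page's own example passwords).
for (const pw of ['123456', 'qwerty', 'Qwerty', 'Qwerty1', 'Qwerty1!']) {
  console.log(pw, entropyBits(pw).toFixed(2), band(entropyBits(pw)));
}
console.log('Length needed for 75 bits, digits only:', minLength(75, 10));
console.log('Length needed for 75 bits, all four sets:', minLength(75, 72));
```

The score assumes every character is chosen independently and uniformly at random, so a keyboard-row pattern such as "Qwerty1!" is easier to guess than its 49.36 bits suggest.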