KeePass Help Center KeePass Home | Downloads | Translations | Plugins | Donate 
Help Center Home | Forums | Awards | Links 







Password Quality Estimation

Details on the quality/strength estimations in KeePass.


General Information

KeePass 1.26 / 2.23 and newer. KeePass uses an advanced algorithm for estimating the quality/strength of passwords. It searches for patterns, like e.g. popular passwords (based on a built-in list of about 10000 most common passwords; variations by upper-/lower-case and L33t substitutions are detected), repeated sequences, numbers (consisting of multiple digits), constant difference sequences, etc. For each pattern combination covering the whole password, the cost (number of bits required to encode the data and the order of the pattern identifiers) is calculated. For encoding pattern identifiers, an optimal static entropy encoder is used. Each single password character forms a pattern of length 1 and is encoded using a character space-dependent damped static entropy encoder. The minimum pattern combination cost is used as the final quality estimation.

KeePass 1.25 / 2.22 and earlier. These old versions of KeePass used a simple algorithm for estimating the quality/strength of passwords. It checks which character spaces are used (upper-case, lower-case, digits, special characters, ...). Repeated characters and character differences result in penalties. Finally, KeePass tests whether the whole password is popular (based on a built-in list of about 1500 most common passwords), and if so, the final estimation is only 1/8th of the statistical rating.


Entropy to Quality

KeePass shows the quality of a password in entropy bits (equivalent size of a random symmetric key). The bit count can roughly be translated to quality as follows:

BitsStrength
0-64Very weak
64-80Weak
80-112Moderate
112-128Strong
≥ 128Very strong


Comparison

The table below lists the estimated strengths of the given passwords. Values are in bits (rounded up to the nearest integer, if rational bit strengths are shown) or as a fraction of a strong password (1/4 = very weak, 2/4 = weak, 3/4 = strong, 4/4 = very strong). One line shows the password to be tested, and the line below the estimated strengths.

The values were obtained using the following program/website versions:

KP KP_Old ZX RST Y
t
5 5 5 1/4
t4
11 11 10 4 1/4
t3XKczXFIOrqHRr_
92 99 91 82 4/4
t3XKczXFIOrqHRr_t3XKczXFIOrqHRr
102 123 175 177 4/4
+wq)tIw6gb4]Uh@"-E(=
127 129 116 103 3/4
zK_f7M\(#"W-?4AyN6g}
131 125 125 99 4/4
89673460696657893304
60 34 67 37 4/4
acegikmoqsuwy
9 20 56 53 2/4
Abracadabra
8 6 16 49 3/4
abraCadaBra
10 6 21 49 3/4
ab®a©@daBra
19 70 47 66 4/4
.Abracadabram!67
41 81 44 81 4/4
77starTrek-sta®w@rs!$
63 127 71 128 4/4
hyevwfzfgyrlyafozwatdhujxlyltfdr
135 101 135 138 2/4
1e3e4f50f8f7fe42a27d5d21ebc36af7
130 96 153 131 3/4
111oo1o11oo1o1ooo1oo111oo11o1oooo1o11111
51 21 125 165 2/4
AaaAaaaAAaAaAAaAaaaaaAAaAAaaaaAAaAAaAAAA
54 24 71 211 3/4
aaaaaAaaaaaaaaaaaaaaaaaAaaaaaaaa
23 20 28 168 3/4
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
7 10 11 174 3/4








Get KeePass