Skip to main content

Table of Password Lengths for Various Character Sets and Entropies

Extra Cybersecurity Passwords
Ryan Gibson
Ryan Gibson
Quantitative Analyst | Computer Scientist

This is an extra post to accompany “Absurd Password Lengths and the Computational Limits of Humanity”, which focused on passwords that use the full printable ASCII set. The equivalent recommendations for other character sets are as follows.

Recall that these bit levels are from the limits computed in the main post for an attack over one year.

For example, you need 25 random alphanumeric characters to reach 128 bits of entropy.

Character set35 bits74 bits87 bits98 bits128 bits188 bits226 bits256 bits
Digits 0-91123273039576978
Hexadecimal 0-9A-F817202229435158
Alpha a-z816192128404955
Alphanumeric a-z0-9715171925374450
Case-sensitive Alpha a-zA-Z713161823334045
Case-sensitive Alphanumeric a-zA-Z0-9613151722323843
Case-sensitive Alphanumeric and Basic Symbols a-zA-Z0-9!@#$%^&*-_.?612151621313742
Printable ASCII (without space)612141520293540
Printable ASCII612141520293539