Key Space Size Calculator

Reviewed by the CalculatorHub team, edited by James Graham. Key space, entropy bits and brute-force time. Last verified 17 June 2026.

The strength of a key or password against brute-force guessing comes down to how many possibilities there are. For a key of fixed length drawn from an alphabet of N symbols, the key space is N to the power of the length, and the entropy in bits is the base-2 logarithm of that. This calculator returns the entropy in bits, the key space in scientific notation, and the average time to brute force it at a guessing rate you set. The guess rate is a user input because it depends entirely on the attacker's hardware and the hashing in use.

Alphabet size (symbols)

Key length (symbols)

Guess rate (guesses/sec)

Entropy (bits)

0.00

Key space (scientific)

Avg crack time (seconds)

0.00

Avg crack time (years)

0.00

Key space formula

key space = alphabet^length
entropy (bits) = length * log2(alphabet)
avg guesses = key space / 2
avg crack time (s) = avg guesses / guess rate
years = seconds / 31,557,600

Entropy in bits is the size-independent strength measure. Key space is shown in scientific notation because it grows astronomically. The brute-force estimate assumes the key is found on average after half the space is searched.

Key space context

Each added symbol multiplies the key space by the alphabet size.
Adding one bit of entropy doubles the brute-force effort.
Digits give 10 symbols, lowercase 26, mixed alphanumeric 62, printable ASCII 95.
The guess rate spans many orders of magnitude depending on hardware and hashing.
Modern symmetric keys target 128 bits or more of entropy.

Key space: frequently asked questions

What is key space?

Key space is the total number of possible keys or passwords. For a key of fixed length L drawn from an alphabet of N symbols, the key space is N raised to the power L. A 4-digit PIN (N=10, L=4) has a key space of 10,000.

What is entropy in bits?

Entropy in bits is the base-2 logarithm of the key space: log2(N^L) which equals L times log2(N). It measures the strength as the number of bits an equivalent random binary key would need. A 128-bit key has 128 bits of entropy and a key space of 2^128.

How is brute-force time estimated?

On average an attacker tries half the key space before finding the key. Average time equals (key space divided by 2) divided by the guess rate. The guess rate (guesses per second) depends on the attacker's hardware and the hashing scheme, so it is a user-editable input.

Why is the guess rate a user input?

There is no single true value: it ranges from thousands per second for a slow password hash to trillions per second for fast hashes on specialised hardware. We never hardcode an attacker capability; enter the rate that fits your threat model.

What alphabet size should I use?

Use the number of distinct symbols each position can take: 10 for digits, 26 for lowercase letters, 62 for mixed-case alphanumeric, 95 for printable ASCII. For a randomly generated binary key, set alphabet to 2 and length to the number of bits.

Official sources

NIST: Digital Identity Guidelines (SP 800-63B) on entropy.
NIST glossary: entropy and key space definitions.

Reviewed by the CalculatorHub team, edited by James Graham, 17 June 2026. See our methodology.