A professional, entropy‑aware password generator written in Python.
It allows you to specify the exact composition of the password (how many lowercase letters, uppercase letters, digits, and special characters) and calculates the entropy of the generated password in bits.
- Customisable length – from 8 to 128 characters.
- Exact character type counts – choose how many lowercase, uppercase, numeric, and special characters must appear.
- Entropy calculation – the program computes the theoretical entropy of the password given its composition, expressed in bits.
- Input validation – prevents invalid combinations (e.g., total count different from length, exceeding maximum length, or leaving no characters for a selected type).
- Simple command‑line interface – runs in any terminal.
In information theory and computer security, entropy measures the unpredictability or randomness of a password. It quantifies how many guesses an attacker would need, on average, to crack the password by brute force.
A password’s entropy is usually expressed in bits. If a password has n bits of entropy, an optimal brute‑force attack would require up to 2ⁿ attempts to try all equally likely possibilities.
Unlike simple formulas that assume characters are chosen uniformly from a single character set (e.g., log2(set_size * length)), this generator respects the exact composition you demand.
Given:
L= total length of the passwordc₁,c₂, … = number of characters from each chosen character set (e.g., 4 lowercase, 3 uppercase, 2 digits)|S₁|,|S₂|, … = size of each character set (e.g., 26 for lowercase letters, 26 for uppercase, 10 for digits, 32 for printable punctuation)
The total number of distinct passwords that match that exact composition is:
N = (L! / (c₁! · c₂! · …)) · (|S₁|ᶜ¹ · |S₂|ᶜ² · …)
Explanation:
- Multinomial coefficient –
L! / (c₁!·c₂!·…)is the number of different ways to arrange the chosen characters (positions of each type). - Character assignments – For each type,
|S₁|ᶜ¹is the number of ways to choose the actual characters (with repetition allowed, because a character may appear more than once).
The entropy in bits is then:
H = log₂(N)
The implementation uses natural logarithms and the math.lgamma function to compute log‑factorials without overflow, even for very large L (up to 128).
- Low entropy (e.g., < 30 bits) → a password can be cracked in seconds or minutes with modern hardware.
- Moderate entropy (e.g., 40–60 bits) → feasible for dedicated attackers (e.g., GPU‑based cracking).
- High entropy (e.g., > 80 bits) → computationally infeasible to brute‑force for the foreseeable future.
For most online services, 60‑80 bits is considered strong. Offline encryption (e.g., disk encryption) often requires 100+ bits.
Password length = 12, composition: 6 lowercase, 3 uppercase, 2 digits, 1 special character.
L! / (6!·3!·2!·1!)→ ~ 665,280 arrangements- Character options: 26⁶ × 26³ × 10² × 32¹ → ~ 2.43×10¹⁸ assignments
- Total possibilities N → ~ 1.62×10²⁴
- Entropy →
log₂(1.62×10²⁴)≈ 80.4 bits
This password would take billions of years to crack by brute force.
- Python 3.6 or higher (no external libraries needed);
- Works on Linux, macOS, Windows.
- Save the code as
pypassgen.py - Open a terminal in the same directory.
- Execute the command:
python pypassgen.pyorpython3 pypassgen.py; - Follow the prompts.
All rights reserved. This project is provided for demonstration purposes only. No permission is granted to use, copy, modify, merge, publish, distribute, sublicense, or otherwise reproduce any part of this software without explicit written consent from the author. Unauthorized use, modification, or redistribution is strictly prohibited.