How many bits are there in a character in a password?

Question

Trying to understand more about password security.

---

How many bits are there in a character in a password?

For example, say I choose the following password for an account: 4T!h36*^^NQi!u*6m7qFT&3X$L6!x6^&

How many bits are in this password?

---

Say I choose a different password only composed of alphanumeric characters: 45v9Zu9tvrWTd5ew8qsp9w9d899zf6su

Is the number of bits influenced by the composition of the password (i.e. whether I include special characters or not) or is it only affected by the length?

---

What would constitute a 256-bit password on a website?

Answer 1

I'm assuming that what you mean is the amount of information contained in a password, ie. the effort it takes to bruteforce a password compared to a 256Bit key.

You can calculate the amount of possible combinations by (number of possible characters)^(length of password).

e.g. a 20 character password containing only lowercase letters has 26²⁰ possible combinations.

From that you can calculate the information contained in the password by log2(number of combinations)

That means a 20 character password containing only lowercase has equal security than a log₂(26²⁰) = 94Bit Key. They are equally hard to bruteforce.

Calculating the bit-strength of a passwort is a good measure of how good a password is.

Important: Please note that this assumes that the password is completely random and doesn't contain any words, ie. every character is statistically independent from each other