Password entropy value deviates significantly e.g. from KeePass and other tools. Wondering why and if that is correct?

[MarcStrauch]

Hi all!

Having recently moved from KeePass2 to KeePassCX, I came across the situation that the entropy shown in KeePassXC for a certain password is deviating significantly from e.g. KeePass2 and some other websites that I checked.

Example password: !ThisIsATestPassword2025!
Certainly not the safest password in the world, but at least 25 characters long with large and small characters, numbers and basic special characters.

KeePassXC: 42 bit

---

KeePass2: 89 bit

---

https://devlateral.com/tools/password-entropy-calculator: 104 bit

---

https://timcutting.co.uk/tools/password-entropy: 154 bit

---

https://www.antivirus.promo/password-strength-checker: 164 bit

---

https://alecmccutcheon.github.io/Password-Entropy-Calculator: 98/144 bit

---

Looking to the "Hive Systems Password Table", any password longer than 18 characters is secure (at least against brute force)
https://www.hivesystems.com/blog/are-your-passwords-in-the-green?utm_source=tabletext

---

Not being a security expert, still a couple of thoughts/findings on that:

1. The entropy from KeePassXC is by far the lowest from all checked tools and websites. Is that on purpose to be more secure or following a different entropy definition?
2. For me it seems that the entropy generally known as to be secure >~80bits (don't hit me for that judgement) is not comparable with the entropy in KeePassXC?
3. Not sure if there is a common standard to calculate entropy, but for me the findings above are not consistent and confusing...

Thanks for sharing your thoughts on that!

Cheers and greetings from Germany
Marc

[m1gr]

"This will not be sent to our servers."

Before anyone try to do it with real passwords.
I advice do NOT enter you password on entropy "checker" / "calculator" websites.

[droidmonkey]

We use zxcvbn