Does anyone know if KeePassXC is accurate when calculating the entropy of a password?
I mean if you want to encrypt something, you may use KeePassXC to type the password and see the entropy score. Is it accurate? I mean, this would be better than using some of these websites, since you do not want to type your password on a website obviously. I just don’t know if you can trust it.
If yes, how much entropy would you recommend so no one can crack it?
Would it be possible to memorize a password with an impossible-to-crack entropy score, or would you forget it?
Entropy is the base 2 logarithm of the total number of passwords that could be generated by your chosen method. The generation being random is crucial to this, so you can’t rely on human choice. Therefore, you can’t measure the entropy of an arbitrary password that has an unknown generation method.
In KeePassXC, the password generation menu only shows a measure of the password’s guessability with zxcvbn as linked above, and should pretty much be ignored. The passphrase generation menu shows the actual entropy of the generator, but does not indicate that the entropy is no longer valid after you manually edit the passphrase. Having both of these things labelled as “entropy” in similar menus is inconsistent and only serves to confuse unknowledgeable users. They could easily show the actual entropy as a value for the generator and then show the guessability under the password as you change it. But, they would rather mislabel guessability as entropy and display invalid entropy for manually edited passphrases.
The entropy you should target depends on whether your password will be put through a key derivation function or is otherwise rate limited by a secure hardware element and/or a remote server. I’ll just recommend 80, but don’t use the value in KeePassXC for that. Do log_2((size of character set)^(password length)) for your method of generation. Passphrases should be easier to remember, and you should replace character by word and password length with number of words in the entropy calculation.
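The calculation from the answer above, as an added example that is not part of the original posts and is not KeePassXC code: it computes generator entropy as log_2((pool size)^(length)), finds the shortest length that reaches the 80-bit target, and draws the secret with a CSPRNG. The function names, the toy 16-word list and the 7776-word list size are assumptions made for illustration.

```python
import math
import secrets
import string

TARGET_BITS = 80  # figure recommended in the answer above


def generator_entropy_bits(pool_size: int, length: int) -> float:
    """log2(pool_size ** length) for `length` independent, uniform picks."""
    if pool_size < 2 or length < 1:
        raise ValueError("need at least 2 symbols and 1 pick")
    return length * math.log2(pool_size)


def min_length(pool_size: int, target_bits: float = TARGET_BITS) -> int:
    """Smallest number of picks whose generator entropy reaches target_bits."""
    if pool_size < 2:
        raise ValueError("need at least 2 symbols")
    return math.ceil(target_bits / math.log2(pool_size))


def generate(pool, length: int, sep: str = ""):
    """Draw `length` symbols uniformly with a CSPRNG; return (secret, bits).

    Duplicate pool entries are dropped first: they would bias the draw and
    make the formula overstate the entropy.
    """
    symbols = sorted(set(pool))
    picks = [secrets.choice(symbols) for _ in range(length)]
    return sep.join(picks), generator_entropy_bits(len(symbols), length)


if __name__ == "__main__":
    # Constructed pools: 94 printable ASCII symbols, and a 16-word toy list
    # (4 bits per word) standing in for a real passphrase word list.
    chars = string.ascii_letters + string.digits + string.punctuation
    words = ["amber", "birch", "cedar", "delta", "ember", "flint", "grove",
             "harbor", "iris", "juniper", "kelp", "lotus", "maple", "nectar",
             "onyx", "pebble"]
    for name, pool, sep in (("password", chars, ""), ("passphrase", words, " ")):
        n = min_length(len(set(pool)))
        secret, bits = generate(pool, n, sep)
        print(f"{name}: {n} picks from {len(set(pool))} -> {bits:.1f} bits: {secret}")
    # 7776 is the size of a Diceware-style word list (an assumption here).
    print("words needed from a 7776-word list:", min_length(7776))
```

The returned bit count describes the generator, so it stops applying once the output is edited by hand.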