Entropy Lab PRO Statistical & Visual Randomness Audit

Key A: Manual Input

Shannon Entropy:
Shannon Entropy (0–4.0 bits)

A measure of how unpredictable each hex digit is. A score near 4.0 means all digits appear with equal frequency, indicating a well‑mixed distribution. Because 32 bytes is a small sample, a Miller–Madow correction is applied to reduce bias and produce a more accurate estimate of true entropy.
-
Chi-Square (Χ²):
Chi‑Square Fairness Test

Evaluates how evenly the 256 possible byte values are used. A well‑behaved 32‑byte key typically produces a Χ² score in the 200–300 range. Values above 400 indicate strong bias or “clumping,” suggesting the generator may not be mixing entropy correctly.
-
Serial Correlation:
Serial Correlation Coefficient (SCC)

The “smoking gun” of structural weakness. SCC measures how strongly each byte predicts the next. A truly random key hovers near 0.00. Values above 0.80 indicate severe, deterministic patterns that should never appear in cryptographic material.
-
Security Bits:
The estimated amount of real unpredictability remaining in the key after accounting for entropy loss, bias, correlation, and structural patterns. A perfect CSPRNG key scores near 256 bits. Keys below 128 bits are considered weak, and anything under 80 bits indicates severe structural vulnerability.
-
Entropy Bits:
A measure of how unpredictable the key truly is. Even though every key here is 256 bits long, structural patterns can reduce the effective randomness dramatically. A perfect CSPRNG key scores near 256 bits. Anything below 128 bits is considered weak, and values under 80 bits indicate severe structural bias.
-
Effective Security :
Effective Security

Calculated as 256 bits multiplied by our Quality Factor. It penalizes correlation and distribution bias to estimate the "real" keyspace used. After all penalties, a key must retain at least 128 bits of effective security to be considered safe. Anything below 80 bits is automatically rejected. Attackers don’t brute‑force the full 2²⁵⁶ space — they exploit structure. A key with perfect entropy but strong patterns can be 10³⁰–10⁴⁰× easier to crack than a truly random one. This system ensures those keys never pass as “valid”.
-
Pattern Score:
Detects structural weaknesses that traditional randomness tests miss. Even if Shannon entropy and Chi‑Square look perfect, a key can still be dangerously predictable if it contains repeated halves, mirrored sequences, low‑uniqueness byte pairs, or other algorithmic patterns. Even perfect Shannon entropy can hide structural weaknesses. Pattern Score detects repeated halves, mirrored sequences, low‑uniqueness byte pairs, and other algorithmic patterns that drastically reduce the effective keyspace. Values below 0.40 are treated as BAD. Humans can instantly spot patterns like abcdeffedcba..., but statistical tests often cannot. Pattern Score bridges this gap by identifying compressible or low‑complexity structures that drastically reduce the effective keyspace.
-
Quality Factor:
Quality Factor (QF)

A combined score that blends entropy, chi‑square fairness, serial correlation, and structural pattern analysis into a single measure. QF estimates how much of the full 256‑bit keyspace the key is actually using after penalties for bias, predictability, and structural anomalies.
-
Status:
A key is marked VALID only if it is a 64‑character hex string and all core metrics fall in their safe ranges: Shannon entropy ≥ 3.5, Chi‑Square between 100 and 500, |Serial Correlation| < 0.55, Pattern Score > 0.70, and Effective Security ≥ 128 bits.
NO DATA

Key B:

Shannon Entropy:
Shannon Entropy (0–4.0 bits)

A measure of how unpredictable each hex digit is. A score near 4.0 means all digits appear with equal frequency, indicating a well‑mixed distribution. Because 32 bytes is a small sample, a Miller–Madow correction is applied to reduce bias and produce a more accurate estimate of true entropy.
-
Chi-Square (Χ²):
Chi‑Square Fairness Test

Evaluates how evenly the 256 possible byte values are used. A well‑behaved 32‑byte key typically produces a Χ² score in the 200–300 range. Values above 400 indicate strong bias or “clumping,” suggesting the generator may not be mixing entropy correctly.
-
Serial Correlation:
Serial Correlation Coefficient (SCC)

The “smoking gun” of structural weakness. SCC measures how strongly each byte predicts the next. A truly random key hovers near 0.00. Values above 0.80 indicate severe, deterministic patterns that should never appear in cryptographic material.
-
Security Bits:
The estimated amount of real unpredictability remaining in the key after accounting for entropy loss, bias, correlation, and structural patterns. A perfect CSPRNG key scores near 256 bits. Keys below 128 bits are considered weak, and anything under 80 bits indicates severe structural vulnerability.
-
Entropy Bits:
A measure of how unpredictable the key truly is. Even though every key here is 256 bits long, structural patterns can reduce the effective randomness dramatically. A perfect CSPRNG key scores near 256 bits. Anything below 128 bits is considered weak, and values under 80 bits indicate severe structural bias.
-
Effective Security:
Effective Security Bits

Calculated as 256 bits multiplied by our Quality Factor. It penalizes correlation and distribution bias to estimate the "real" keyspace used. After all penalties, a key must retain at least 128 bits of effective security to be considered safe. Anything below 80 bits is automatically rejected. Attackers don’t brute‑force the full 2²⁵⁶ space — they exploit structure. A key with perfect entropy but strong patterns can be 10³⁰–10⁴⁰× easier to crack than a truly random one. This system ensures those keys never pass as “valid”.
-
Pattern Score:
Detects structural weaknesses that traditional randomness tests miss. Even if Shannon entropy and Chi‑Square look perfect, a key can still be dangerously predictable if it contains repeated halves, mirrored sequences, low‑uniqueness byte pairs, or other algorithmic patterns. Even perfect Shannon entropy can hide structural weaknesses. Pattern Score detects repeated halves, mirrored sequences, low‑uniqueness byte pairs, and other algorithmic patterns that drastically reduce the effective keyspace. Values below 0.40 are treated as BAD. Humans can instantly spot patterns like abcdeffedcba..., but statistical tests often cannot. Pattern Score bridges this gap by identifying compressible or low‑complexity structures that drastically reduce the effective keyspace.
-
Quality Factor:
Quality Factor (QF)

A combined score that blends entropy, chi‑square fairness, serial correlation, and structural pattern analysis into a single measure. QF estimates how much of the full 256‑bit keyspace the key is actually using after penalties for bias, predictability, and structural anomalies.
-
Status:
A key is marked VALID only if it is a 64‑character hex string and all core metrics fall in their safe ranges: Shannon entropy ≥ 3.5, Chi‑Square between 100 and 500, |Serial Correlation| < 0.55, Pattern Score > 0.70, and Effective Security ≥ 128 bits.
NO DATA

How to Read This Map

We use a Bit-Walk algorithm to expand 256 bits into a 2D path. This visualization acts like a Digital Fingerprint.

  • Human Bias: Geometric ghosts, squares, or long straight lines. Humans avoid "clumping", making their paths look too uniform/clean.
  • Machine Random: A dense, chaotic "tangled string". It won't cover the canvas evenly because true randomness is "clumpy".

⚠️ The Birthday Paradox & Shannon Score: In only 32 bytes, there is an 86% chance of repeating bytes. A Shannon Score near 3.7 is often safer than 4.0, as "perfectly unique" keys in small samples often suggest non-random whitening or human intervention.

ℹ️ About Detection Limits This visualizer can reliably flag low‑entropy keys, patterned keys, ramp‑style sequences, and biased or human‑generated keys. These contain strong structural fingerprints that appear even in a single 32‑byte sample.

However, it cannot reliably detect keys produced by weak PRNGs (like Math.random()) or LCG‑based generators from a single key alone. These generators can still output individual keys that look statistically normal at 32 bytes, even though the generator itself is insecure.

In other words: this tool detects structural anomalies in the key, not the full strength of the underlying RNG.

Security & Generation Strategy

Technical Requirements

Hardened Margin Formula
256 × (Shannon/4) × (1 - |SCC|²) × Χᵖᵉⁿᵃˡᵗʸ ≈ (Σ bits)

Adjusting for Serial Correlation & Distribution Bias

Raw Bits 256
×
Quality Factor 0.00
=
Target >128

“BAD KEY” Does Not Mean “Easily Crackable” A key flagged as BAD is not weak in the brute‑force sense — even a 100‑bit effective key is astronomically large. Instead, it means the key shows structural anomalies that should never appear in high‑quality cryptographic material.

These anomalies can sometimes hint at a biased or misconfigured RNG, but a single key is not enough to diagnose the generator itself. Some insecure generators (like Math.random() or LCGs) can still produce individual keys that look perfectly normal at 32 bytes.

LINUX KERNEL STATUS

Entropy Pool Check: 256 = FULL (Kernel 5.10+)

cat /proc/sys/kernel/random/entropy_avail

Starvation Remedy:

sudo apt install haveged
sudo systemctl enable --now haveged
Entropy Audit Tool v2.1 // System Entropy Pool Check: /proc/sys/kernel/random/entropy_avail // Target: > 128-bit Security Margin by @nocachy