Aren't phrases easier to type on mobile devices than letter / number combinations? I always find it annoying to have to switch to different keyboard modes (text / numbers), or having to hold the letter / number key for a few seconds.
Sure, the simple characters make it a bit easier, but the phrases tend to be much longer.
The error rate on a touchscreen keyboard is high enough to really become a problem at 20+ characters when you only see the last typed character (no password review).
Using dictionary words makes it easy for more modern predictive keyboards to keep up, though. Taking the XKCD canonical example, "correct horse battery staple", it's a reasonably secure and lengthy password and includes special characters.
It could also be keyed in via something like Swype or SlideIT almost as fast as it could be keyed in on a computer keyboard.
Yeah, the iPhone keyboard is what finally got me to stop using r2d2 or c3p0 as a part of my password. And the fact that they are probably in the cracking dictionaries.
Is `rand` a secure random number in Ruby? In many programming languages/implementations the default PRNG is only seeded with the current time, which leads to quite low entropy.
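Added example, not part of the thread: Ruby's `Random`/`Kernel#rand` is a Mersenne Twister generator and is not meant for security use, while `SecureRandom` is the standard-library interface to a CSPRNG. The sketch below models the time-seeded case raised in the last comment with an explicit `Random.new(seed)`; the word list, the function names and the one-day seed window are constructed assumptions.

```ruby
require "securerandom"

# Constructed 16-word sample list; a real generator would use a much larger one.
WORDS = %w[correct horse battery staple anchor maple violet copper
           window planet candle river orbit timber saddle lantern].freeze

# Passphrase from an explicitly seeded Mersenne Twister.
# This models a PRNG whose only seed material is the clock.
def seeded_passphrase(seed, count = 4)
  prng = Random.new(seed)
  Array.new(count) { WORDS[prng.rand(WORDS.size)] }.join(" ")
end

# Passphrase drawn from the OS CSPRNG through SecureRandom.
def secure_passphrase(count = 4)
  Array.new(count) { WORDS[SecureRandom.random_number(WORDS.size)] }.join(" ")
end

# Upper bound on passphrase entropy in bits: the smaller of the seed space
# and the number of possible word sequences.
def effective_bits(seed_space, list_size, count)
  [Math.log2(seed_space), count * Math.log2(list_size)].min
end

# How many different passphrases a whole window of consecutive seeds can yield.
def distinct_outputs(start_seed, window)
  (start_seed...(start_seed + window)).map { |s| seeded_passphrase(s) }.uniq.size
end

if __FILE__ == $PROGRAM_NAME
  now = Time.now.to_i
  puts "seeded: #{seeded_passphrase(now)} (same seed, same phrase)"
  puts "secure: #{secure_passphrase}"
  # 4 words from a 2048-word list is 44 bits, but a seed known to within
  # one day (86,400 seconds) caps the result near 16.4 bits.
  puts format("time-seeded bound: %.1f bits", effective_bits(86_400, 2048, 4))
  puts format("CSPRNG bound:      %.1f bits", effective_bits(2**128, 2048, 4))
  puts "distinct phrases over a 1-hour seed window: #{distinct_outputs(now, 3600)}"
end
```
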