Theoretically yes, as long as you assume the equivalent of a spherical cow in a vacuum.

We've (the security community) become very good at enforcing password schemes that are hard for users to remember and easier for computers to crack. While you could correctly assert that a 30 character long lower case letter only phrase has less entropy than a 15 character sequence of randomly generated numbers, letters of mixed case and punctuation, it makes no odds to me - I'm getting neither of them in a reasonable timeframe.

The reason for this is that if you look at the way web site passwords and company passwords are compromised it's not a single account that's hacked. It's going to be the domain or the database of password hashes. Because you're running all of these through a cracker at once you can't (as an attacker) generally afford to waste the time going through combinations of dictionary words with permutations, especially if you know that if you crack a big enough percentage of passwords you've got the access you need and can move on.

Cracking one 10 character random password with alphanumeric and special characters is a problem of scale with the password generaton algorithm. Depending on the algorithm used you can wait for appropriate rainbow tables to appear to increase your chances, for a cryptographic flaw in the algorithm or for moore's law to catch up. Trying to exhaust the same keyspace for a 30 character password (bearing in mind that the attacker is unlikely to know whether or not your password is high or low entropy, especially if other cracked passwords imply a high entropy policy is in place) is going to be much harder, and will only likely take place if no results of value have been found earlier on.

> it makes no odds to me - I'm getting neither of them in a reasonable timeframe

There's nothing wrong with a passphrase as long as it can't be gotten in a reasonable timeframe, obviously! My point about generation stands, though - no password scheme stands in a vacuum, and if whatever you do catches on, you can guarantee software will be made to exploit the low entropy passwords on that scheme (for example, attacks can now include tricks like taking the website name - LinkedIn - and performing common mutations to generate passwords to attempt: L1nk3dIn1)

If it became really common, people would make rainbow tables for it too. All you'd need to do is create a reduction function that maps back into the set <passwords formed from concatenating common words> :)

This applies to all forms of password generation though: ultimately, entropy is important, and if you care about your security you should know whether the entropy levels of your passwords afford you the security you want or need.

Exactly. This is a weak password: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaa" or "qwertyuiopqwertyuiop"

Entropy is important, but multi-word passwords stills being efficient since their alphabet is quite large when compared with common alpha-symbolic-numeric passwords.

For example, a completely random password with 12 digits and upper/lower case letters have (26+26+10)^12 = 3.226e21 possibilities. Quite good unless you need to memorize this thing. I use such nonsense things for password stored in my password safe.

A password with four very common words (among the 1000 most common words in the user's native language, which I assume the attacker know) have 1e9 possibilities -- very bad. Relevant XKCD for explaining how bizarre is an English text with such restricted vocabulary: https://xkcd.com/1133/

A password with five words selected among the most 4000 words of the user's native language have 1.024e+18 possibilities. Put some uncommon/random/made-up word in the mix is enough to make a direct attack on the password non-viable and force the attacker to search for more elaborated methods. Plus side: is easy to memorize.

So, for example, if you used a multi-word password on your ATM machine, and someone aimed an infrared camera at the machine after you left and retrieved the set of buttons that you pressed, the game would be over if your password were short--or at least much closer to being over if it were long.

Alternatively, an attacker could eavesdrop on your keyboard sounds and capture the timing of the clicks, thereby inferring candidate sets of letters. Or they could examine how much oil is on each key of your keyboard, or how much each key is worn, and adjust for the stats on the English language, etc.

Or, as in the ATM case, an agent could interrupt you right after you've entered your password on a false pretext ("Excuse me, I need help.") and surreptitiously take an in infrared photo of your keyboard. This is plausible in many semi-public scenarios (bank teller, etc.)

I think the saving grace here is that a sufficiently long password uses most letters in the English alphabet--but it is still prone to attack if you can at least get the relative ordering of some of the letters, or you know the password's length (by listening to the number of keyboard clicks, for example).

By the way, it's a bit easier to discuss bits of entropy rather than number of possibilities. Assuming each possibility is equal (which is NOT true if you pick the password yourself, rather than randomly) then the entropy would be the logarithm of the no. of possibilities. Generally people use base 2, so:

Random 12 digits alphanumeric: 71 bits of entropy Four common words: 30 bits of entropy Five words: 60 bits of entropy

The multi-GPU cracker on the frontpage today would take 500,000 years to crack the 5 word password if it was stored via bcrypt (according to the article, which sadly did not specify the work factor). The four common words one, however, would fall in just four hours!

P.S. It isn't actually hard to remember a complex password. Almost anybody can do it! The passphrase method is actually not dissimilar to the technique I use. Say the password started "OK53B3" (I just generated this in LastPass). OK, let's figure out a way to remember it. OK, I thought of a way to remember the first two letters ;) 53.. 54 cards in a deck with the jokers, so we've lost a joker. "OK, guys, we've lost a joker" "B3" sounds like someone with a few missing teeth saying "be free!" so I'm imagining a toddler throwing the joker out of the window going "be thfree!"

Very rapidly this will shortern as your memory of it strengthens with repetition (if you're entering this password every day - I recommend using a password manager so you have just one secure password you enter every day). After a few days it will be "OK missing joker be three" etc then just the password itself. After a bit longer it just becomes muscle memory - I couldn't actually recite it easily anymore, but I type it in seconds.

The important thing though from an entropy perspective is that whether you are making a story for your passphrase or for your password, the story comes second. Generate the password / passphrase and then create a story, this assures that each possibility is equal as I mentioned earlier (if they are unequal, there is less entropy).

Of course, I recognise that even with a good memorisation technique, passphrases still beat out f%8D( from a learning curve, ease of use, and accessibility standpoint. The reason I've stuck with the ugly and relatively short passwords is purely so I can type them in as fast as possible!