by an_ko 855 days ago
Thanks, I'll add base64 as one of the trivial transformations to my ongoing brute-forcing effort of all your passwords, multiplying total search effort by a tiny constant.

I'm joking. But what if I weren't? Especially if you're going to announce this on the internet, it sounds far more effective to add 1 character to the end of your passphrase instead, since each exponentiates any brute force effort, and isn't defeatable by a simple pattern.

(Or announce on the internet that you're doing something far more complex, like running bcrypt on all your passphrases to generate your passwords. That would make an attacker's life significantly more difficult than base64.)

(Or always lie on the internet about how you generate your passwords. I hope that's what you're already actually doing.)

2 comments

I personally can appreciate multiplying an attacker's standard dictionary with a transformation. I find the decoded passphrase is already high entropy so it just adds a little bit of trouble. I might consider bcrypt, thanks for the idea.
Wouldn't it be adding whatever the sum of your brute forcing list is onto itself? Which seems like a lot?
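The top comment's comparison, worked through as an added example (not code from any poster in this thread): how much guessing effort, in bits, each of the three options adds for an attacker who knows the scheme. The 95-character alphabet, the 2**17 iteration count, the sample salt and the use of PBKDF2 from the standard library as a stand-in for bcrypt are assumptions made here.

```python
import base64
import hashlib
import math

PRINTABLE_ASCII = 95   # assumed alphabet for an appended character
SAMPLE_SALT = b"constructed-salt"   # constructed sample value


def bits_from_transform(variants: int) -> float:
    """A known transform means each candidate is tried `variants` ways
    (2 = plain and base64-encoded): a constant multiplier."""
    return math.log2(variants)


def bits_from_extra_chars(n: int, alphabet: int = PRINTABLE_ASCII) -> float:
    """Each appended unknown character multiplies the search by `alphabet`."""
    return n * math.log2(alphabet)


def bits_from_stretching(iterations: int) -> float:
    """Key stretching multiplies the cost of every guess by roughly the
    iteration count, as long as the attacker has to guess the passphrase."""
    return math.log2(iterations)


def derive_base64(passphrase: str) -> str:
    """The scheme under discussion: password = base64(passphrase)."""
    return base64.b64encode(passphrase.encode()).decode()


def derive_stretched(passphrase: str, salt: bytes = SAMPLE_SALT,
                     iterations: int = 2**17) -> str:
    """Password derived through a slow KDF (PBKDF2 here, not bcrypt)."""
    raw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    return base64.b64encode(raw).decode()


def compare(iterations: int = 2**17) -> dict:
    """Added attacker effort in bits for each option."""
    return {
        "base64 transform": bits_from_transform(2),
        "one extra character": bits_from_extra_chars(1),
        "key stretching": bits_from_stretching(iterations),
    }


if __name__ == "__main__":
    for option, bits in compare().items():
        print(f"{option:>20}: +{bits:.2f} bits")
```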