by Niten 4855 days ago
That's not the case, though. Even knowing the general manner in which the passphrase is constructed, if the four words are randomly selected then the best an attacker can do is to brute force the space of 2^44 possible phrases, which is difficult enough to be considered secure. The very same can be said for the seven-character random password: the best an attacker can do, knowing how the password is constructed, is to brute-force a space of about 2^46 possible passwords, which is secure enough.

And this must be true in order for passphrases to be a reasonable choice. Because if people start using passphrases commonly, then this formulation will immediately be added to password cracking toolchains along with all the other common types of password.

On the other hand, the passphrase's actual "entropy" is probably lower than the advertised 44 bits, because patterns like the appearance of an adjective ("correct") before a noun ("horse") are common enough in the English language that they, too, could be factored into a smart password cracking tool.
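Quantifying the search spaces discussed in the comment above, as an added Python example that is not part of the original thread: the 2048-word list, the 95-character printable set, the 1024/1024 adjective-noun split and the tiny tagged word list are all constructed assumptions, and the last function brute-forces the small list to confirm the closed-form count.

```python
import math
from itertools import product

# Constructed tagged word list (illustration only; not a real diceware list).
ADJECTIVES = ["correct", "green", "quiet", "sharp"]
NOUNS = ["horse", "battery", "staple", "river"]
WORD_LIST = ADJECTIVES + NOUNS


def keyspace_bits(choices_per_position):
    """Bits of search space when position i is drawn uniformly from
    choices_per_position[i] possibilities: log2 of the product."""
    return sum(math.log2(n) for n in choices_per_position)


def random_passphrase_bits(list_size=2048, words=4):
    """Four words drawn uniformly from a 2048-word list: 2^44 phrases."""
    return keyspace_bits([list_size] * words)


def random_password_bits(charset=95, length=7):
    """Seven printable-ASCII characters: roughly 2^46 passwords."""
    return keyspace_bits([charset] * length)


def templated_passphrase_bits(adjectives, nouns, template="ANAN"):
    """Search space an attacker faces if they know the phrase follows a
    part-of-speech template such as adjective-noun-adjective-noun, so each
    slot is drawn from only the adjectives or only the nouns."""
    sizes = {"A": adjectives, "N": nouns}
    return keyspace_bits([sizes[slot] for slot in template])


def count_template_matches(template="ANAN"):
    """Enumerate every 4-word phrase over the tiny constructed list and count
    how many fit the template, checking the formula against brute force."""
    tagged = {w: "A" for w in ADJECTIVES}
    tagged.update({w: "N" for w in NOUNS})
    total = 0
    matches = 0
    for phrase in product(WORD_LIST, repeat=len(template)):
        total += 1
        if all(tagged[w] == slot for w, slot in zip(phrase, template)):
            matches += 1
    return total, matches
```

With a 1024/1024 split the template knowledge cuts the space from 2^44 to 2^40 phrases, and the brute-force check on the 8-word list (8^4 = 4096 phrases, 4^4 = 256 matching) shows the same 1/16 ratio.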