by jpdus 4706 days ago
Can you explain why a 40 char text is 1000 times easier to crack than a 10 char password according to the graphic? Is it assumed you don't use any numbers/symbols and the attacker knows your dictionary?

The "40 char text" is based on NIST guidelines for estimating the entropy in English text -- i.e., dictionary words which make grammatical sense together. The "10 char password" is for 10 random printable ASCII characters.
I think "text" is English + whitespace + punctuation only, whereas "password" is any kind of character.

I didn't create that image, so I'm not 100% sure.

You're correct. See the original scrypt paper by Percival [1], halfway down page 13, for a description of the categories. The table itself is at the top of page 14.

[1] https://www.tarsnap.com/scrypt/scrypt.pdf
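
The gap discussed in this thread can be reproduced numerically. The following is an added example, not part of the thread or of the scrypt paper; it assumes the "NIST guidelines" mentioned above are the per-character estimate for user-chosen text in NIST SP 800-63 Appendix A (without its composition or dictionary-check bonuses) and that "printable ASCII" means the 95 characters from space through tilde.

```python
import math

PRINTABLE_ASCII = 95  # assumption: space (0x20) through tilde (0x7E)


def nist_text_entropy_bits(length: int) -> float:
    """Estimated entropy of user-chosen English text of the given length.

    Assumed rule (NIST SP 800-63 Appendix A, base estimate only):
    character 1 = 4 bits, characters 2-8 = 2 bits each,
    characters 9-20 = 1.5 bits each, characters 21+ = 1 bit each.
    """
    if length < 0:
        raise ValueError("length must be non-negative")
    bits = 0.0
    for pos in range(1, length + 1):
        if pos == 1:
            bits += 4.0
        elif pos <= 8:
            bits += 2.0
        elif pos <= 20:
            bits += 1.5
        else:
            bits += 1.0
    return bits


def random_password_entropy_bits(length: int, alphabet: int = PRINTABLE_ASCII) -> float:
    """Entropy of a password whose characters are drawn uniformly at random."""
    if length < 0 or alphabet < 1:
        raise ValueError("length must be >= 0 and alphabet >= 1")
    return length * math.log2(alphabet)


def guess_ratio(stronger_bits: float, weaker_bits: float) -> float:
    """How many times larger the stronger secret's search space is."""
    return 2.0 ** (stronger_bits - weaker_bits)


if __name__ == "__main__":
    text = nist_text_entropy_bits(40)            # 40-character English text
    rand = random_password_entropy_bits(10)      # 10 random printable chars
    print(f"40-char text:       {text:.1f} bits")
    print(f"10-char random:     {rand:.1f} bits")
    print(f"search-space ratio: {guess_ratio(rand, text):.0f}x")
```

Under these assumptions the random 10-character password carries roughly 10 more bits than the 40-character text, which is the order-of-magnitude difference of about 1000 asked about in the question.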