by dbbolton 4464 days ago
The xkcd-style passwords may be less vulnerable to a brute-force attack, but they are more vulnerable to a dictionary attack.

There are (very) roughly 2^17 words in the dictionary, so if you pick 4 there are 2^68 possibilities, or 2.95e20.

There are 94 printable characters on a US keyboard. This means that an 11-character "hard to remember" password has over 16 times as many (~2^72, 5.06e21) combinations as a four-word xkcd style password.

But again, we are comparing two different types of attacks. I don't even know how feasible a 4-word dictionary attack is, or whether it's actually used "in the wild". Still interesting to think about.
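An added worked example (not part of the thread) that reproduces the post's figures and extends them to the "common words only" list mentioned later in the discussion. It assumes each word is drawn uniformly, with replacement, from a list the attacker already has, i.e. the directed dictionary attack the post describes.

```python
import math

# Parameters taken from the thread (assumed, for illustration):
DICT_WORDS = 2**17      # the post's "(very) roughly 2^17 words in the dictionary"
COMMON_WORDS = 2000     # "top 1000 to 2000 most popular" words, the xkcd-style list
KEYBOARD_CHARS = 94     # printable characters on a US keyboard


def passphrase_bits(word_count, dictionary_size=DICT_WORDS):
    """Search-space size, in bits, of word_count words drawn uniformly from a
    known dictionary. This is the cost of a directed dictionary attack, not of
    a character-by-character brute force."""
    return word_count * math.log2(dictionary_size)


def random_chars_bits(length, alphabet_size=KEYBOARD_CHARS):
    """Search-space size, in bits, of a uniformly random string over an
    alphabet of alphabet_size characters (brute force over every character)."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits, dictionary_size=DICT_WORDS):
    """Smallest number of dictionary words whose search space reaches target_bits."""
    return math.ceil(target_bits / math.log2(dictionary_size))


def chars_needed(target_bits, alphabet_size=KEYBOARD_CHARS):
    """Smallest random-character length whose search space reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def search_space_ratio(length, word_count,
                       alphabet_size=KEYBOARD_CHARS, dictionary_size=DICT_WORDS):
    """How many times larger the random-character space is than the passphrase space.
    Uses exact integers so 94**11 is not rounded before the division."""
    return alphabet_size**length / dictionary_size**word_count


if __name__ == "__main__":
    # Reproduces the post: 4 words ~ 2^68, 11 characters ~ 2^72, "over 16 times".
    print(f"4 words  : {passphrase_bits(4):.1f} bits")
    print(f"11 chars : {random_chars_bits(11):.1f} bits")
    print(f"ratio    : {search_space_ratio(11, 4):.1f}x")
    # Equivalent passphrase length against the same 11-character target,
    # for the full dictionary and for a 2000-word "common words" list.
    target = random_chars_bits(11)
    print(f"words to match 11 chars: {words_needed(target)} (full dictionary), "
          f"{words_needed(target, COMMON_WORDS)} (2000 common words)")
```

Running it confirms the post's arithmetic and shows why the list size matters: matching an 11-character random password takes 5 words from a 2^17-word dictionary but 7 from a 2000-word list.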


The issue with the numbers you give is that nobody really has an 11 character password compatible with it.

The reality is that people have trouble remembering 11 truly random and unrelated things, so they try to simplify and group things - e.g. by taking a base word and changing the spelling, or adding numbers on. This is what leads to the easy to brute force passwords; the cracking techniques now cater for the most popular variations.

So again, while you may be right on paper, you can't compare a 4 word passphrase with a true 11 character random password; they are on completely different scales of difficulty to remember. If you're interested, take a look at how the xkcd comic constructs the difficulty of the two passwords, it is fairly realistic. For what it's worth, it considers only "common" words (top 1000 to 2000 most popular) from the dictionary, and the passphrase wins out even so. Throw in a word from another language, would be my suggestion.

I think you're missing the point. I'm not arguing that passwords like "H$&v46S13^a" are actually better in practice than passwords like "TheCowSaysMoo". I'm providing one specific case where they are superior in terms of difficulty, i.e. the unlikely event of a directed dictionary attack, and a rough comparison of the level of security in that case as compared to a brute force attempt.

As far as "true randomness", it's irrelevant here since we are only counting permutations, meaning "Hello,2048" is just as difficult as "^6H9Ox#g`!" (i.e. their length and superset are both equivalent).

I think we're mostly on the same page, but still talking past each other. In my opinion, the only _reasonable_ way to compare the two password styles is in a practical way, taking into consideration human memory limitations. In that sense, the equivalent to an 11 character "random character" password is NOT an 11 character sentence. It would be more like a 5 or 6 word sentence due to the way your brain works. When you compare these, the pass phrases do win out, even for directed dictionary attacks.

Essentially, what I'm saying is that your brain seems to have better memory (or compression?) for sentences than random character jumbles, allowing you to use longer / stronger ones. Even when you consider dictionary attacks. Again, the original XKCD article is fairly objective and accurate; what's shown there IS a dictionary attack.

They are more vulnerable to a dictionary attack for a given password length. The theory is that memorability (and ease of typing) decays more slowly with respect to the entropy contained in an xkcd style password than in a jumble of random characters.

The issue with "random" passwords is trying to remember them. XKCD-style isn't perfect, but it is loads better than "Password91" and "Dragon" style passwords which are what most people actually use.

As I already said, I am not arguing that "random" passwords are better in practice.

Also, a password that uses a very large character space does not have to be random at all.