I'm trying to get a *rough* feel for how many simple passphrases there are in (say) twenty characters. Nothing fancy with punctuation and capitalization, and I don't want to worry that "doghouse" and "dog" followed by "house" will actually result in the same passphrase. Including one-letter-words it is easy to see that there are 2^19 different ways to divide the 20-character phrase into "words". But beyond that I'm stuck for getting even a vague-order-of-magnitude of how many passphrases you can get... But I know the number is going to be *HUGE*. The division 7/7/6, using just a small simple wordlist, gets me nearly 10^12 possibilities. Five four-letter words is >10^17 (four five letter words gets you a mere 10^15). My very rough intuitive guess is that since the different combinations will add together, the order of magnitude will be dominated by the tall pole in the tent and I bet that my guess of 5 four-letter-words [at
10^17] will probably be the answer. (actually, for my word list, 6 three-letter words and a two-letter word is about a hundred times larger). [for my not-very-big wordlist, 6 three-lets and a two-let came up with 83,631,769,001,984,000,000 pass phrases, nearly 10^20]
[I'm trying to argue that if you make your passphrase 20 characters long, it doesn't make *ANY* difference what it is, it'll be massively hard to brute-force crack [compared, for example, to *anything* you do with an eight-character password -- even if you allow utterly random character strings, there are only about 6*10^15 8-char passwords], and so just pick something easy to remember and easy to type, but make it LONG. /Bernie\ -- Bernie Cosell Fantasy Farm Fibers mailto:bernie@fantasyfarm.com Pearisburg, VA --> Too many people, too few sheep <--