Originally Posted By: tacit
There are 24 letters in the English alphabet. If we count upper and lower case as different, that's 48 possible letters. There are 10 digits and let's say 28 punctuation and special characters. Each character of our eight-character password can therefore be any one of 48+10+28 symbols, for 86 possible characters that can appear. Therefore, the total number of different passwords you can make is 8 to the 86 power, or 4x10 to the 77th power combinations. A lot, to be sure.

Now let's consider the four-word password that's all lower case. The Oxford English Dictionary currently lists about 600,000 words. Most "abridged" dictionaries list about 200,000 words. If we choose four words from an abridged dictionary, the number of password combinations is 4 to the 200,000 power combinations, many, many, many times more possible combinations than the 8-character random password! Use 4 words selected randomly from the OED and it goes up to a number so large it's thousands of orders of magnitude greater than the number of atoms in the universe.

It's important to consider, though, that complete, meaningful English sentences are far less secure. Word combinations like "heavy today spirited bellicose" aren't meaningful sentences; when you limit the combinations to meaningful English phrases, like "big red cat toy," the number of possible combinations drops dramatically. You're far better off by choosing words at random than by making passwords that are meaningful sentences or phrases.

1. Don't the "odds" on cracking a four word password decrease substantially if the words are attacked as just another alpha-numeric string?

2. Why is a meaningful phrase less secure than random words?

Thanks.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
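An added example for the two questions above (not part of the post or of the quoted text): it computes the search space in bits under three guessing models, using the quoted figures of 86 symbols and a 200,000-word dictionary. The 27-symbol lower-case-plus-space alphabet and the grammar-template pool sizes are assumptions chosen for illustration.

```python
import math

SYMBOLS = 86              # character-set size quoted in the post
ABRIDGED_WORDS = 200_000  # abridged-dictionary size quoted in the post
LOWER_PLUS_SPACE = 27     # assumption: a-z plus the space separator

def bits(pool_size, length):
    """log2(pool_size ** length): size of a uniform search space in bits."""
    return length * math.log2(pool_size)

def guessing_models(passphrase, template_pools=None):
    """Search-space size in bits for each way an attacker could model the passphrase."""
    words = passphrase.split()
    models = {
        # Question 1: brute-force it as a plain character string.
        "char_string": bits(LOWER_PLUS_SPACE, len(passphrase)),
        # Guess whole words; valid only if each word was picked uniformly at random.
        "word_list": bits(ABRIDGED_WORDS, len(words)),
    }
    if template_pools:
        # Question 2: a meaningful phrase fits a grammar template, so each
        # slot draws from a much smaller pool than the full dictionary.
        models["grammar_template"] = sum(math.log2(p) for p in template_pools)
    return models

def effective_bits(models):
    """The attacker picks the cheapest model, so strength is the minimum."""
    return min(models.values())

# Constructed pool sizes (assumption): common adjectives and common nouns.
ADJ_ADJ_NOUN_NOUN = [2_000, 2_000, 5_000, 5_000]

if __name__ == "__main__":
    print(f"8 random chars from 86 symbols: {bits(SYMBOLS, 8):.1f} bits")
    for phrase, pools in [("heavy today spirited bellicose", None),
                          ("big red cat toy", ADJ_ADJ_NOUN_NOUN)]:
        m = guessing_models(phrase, pools)
        print(phrase, {k: round(v, 1) for k, v in m.items()},
              "-> effective", round(effective_bits(m), 1))
```

Guessing character by character is the more expensive model for a word passphrase, so its strength is set by the word-level count; under the assumed template pools, the meaningful phrase falls below the eight-character random password.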