excellent - thanks for the info.
I've decided to do some maths.
If you used a dictionary based brute force it might feasibly take less time I suppose depending on how many words were in your dictionary.
The Oxford English dictionary has ~ 220,000 words plus they estimate more than 8000 additional words are in use.
the number of possible combinations on a 5 word pass-phrase like peanut butter and jelly sandwiches would be 228000^5 or:
616132666368000000000000000
for a letter-by-letter brute force attack you'd be looking at 26^30 or:
~281319890128474591925862102961600000000000
an 8-character 'secure' password has roughly 80 different characters you might expect to see used 80^8:
1677721600000000
so a dictionary attack is dramatically quicker on the passphrase than character by character but is easilly scuppered by throwing the number 5 into the middle of a word, using a French word etc. Even with the dictionary attack it is still hugely more effective than the regular 8 character model in use by most places.
Fun times.
Ben
^ Thats me!
----------------------------------------
01010111011010000110000101110100 01100001 0110001101101111011011010111000001101100011001010111010001100101 01110100011010010110110101100101 011101110110000101110011011101000110010101110010
----------------------------------------