The XKCD comic uses the entropy of common words assuming an informed cracker is using the best tools at their disposal, that being a dictionary attack. That’s why the entroy per character of the passphrase is so low compared to that of the special character password, but the passphrase can be much longer because it’s easier to remember, so that’s what gives it its higher total entropy.
Thanks for the clarification. So I can surmise that length is everything then? Given that I use a password manager I’ll just stick to my long gibberish passwords in that case, but it’s good to keep passphrases in mind for use cases where I can’t copy/paste easily.
The XKCD comic uses the entropy of common words assuming an informed cracker is using the best tools at their disposal, that being a dictionary attack. That’s why the entroy per character of the passphrase is so low compared to that of the special character password, but the passphrase can be much longer because it’s easier to remember, so that’s what gives it its higher total entropy.
Explain XKCD goes into more detail about how the calculation was done: https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
Thanks for the clarification. So I can surmise that length is everything then? Given that I use a password manager I’ll just stick to my long gibberish passwords in that case, but it’s good to keep passphrases in mind for use cases where I can’t copy/paste easily.