In a world where most people used passphrases instead of passwords, wouldn't an attack that generates a random string of words (alternating between word delimiters) be similarly effective to a brute force attack? Of course, there are many more possible words than possible characters, but I suspect in practice the range of words that are actually used could be predicted by a decent heuristic.
Am I just displaying my ignorance of the topic or does this make sense?
Generally speaking, you can always assume that brute force attacks will always be possible. The trick is limiting how effective they can be. Increasing the length, and or complexity but preferably length, is a good way to slow down a brute force.
So we can discuss specifics, let's assume that the attacker has access to your password hash and cannot use any shortcuts such as hash lookup tables. The length of time necessary to succeed is pretty strongly dependent on the speed of the compute power available. That is, a computer that is capable of checking 1,000 passwords per second will take much longer than a computer that is capable of checking 100,000 passwords per second. As compute power increases on computer systems, the length of time to perform an off-line brute force will decrease. So in this case you would want your password, or passphrase, to be sufficiently complex to render the brute force time longer than the expected lifespan of the password. That is, if you change your password every 6 months you want it to take at least 7 months to break.
Another common brute force method is to attempt to log into a life system, this is what you'll see commonly in scans, such as Morto, that have a common password list and look for systems using some simple credentials. Here the same principles apply, except you have a little more control over how the process can be slowed down. For instance, you can lock out remote systems after a certain number of attempts, respond with the Bad Password message with increasing delays, or lock out accounts after a certain number of bad passwords. All of those have their downsides, in that they can be used as a mechanism for DoS attacks. They are, however, fairly common. In some cases, such as PCI compliance, account lock outs are actually required.
Yes, it is just as vulnerable to a brute force attack as a password, if the attacker treats it as a pass phrase.
If you assume no delimiters and a 15,000 word vocabulary, then a 4 word passphrase has similar entropy to a 10 character mixed case alphanumeric password and so will take about the same time to brute force.
The reason you might use a pass phrase is not because it is stronger, but because it is easier for users to remember.
For example, compare "uPTwbyp4kAv" to "correcthorsebatterystaple".
Same entropy, but normal humans can't remember the first one, so they write it down, or change it to "Password123".
You're correct. If you were to use only dictionary words in a passphrase, then you're just dealing with an 'alphabet' of all the words in your language (which is admittedly much larger than 26), but you probably only use a handful of words in your passphrase so you may not buy yourself much additional security.
However, with the small tweak of using at least one non-dictionary word, your passphrase becomes exponentially more secure. If you have 5 dictionary words with a few special characters or substitutions sprinkled in, then you're not vulnerable to a brute-force (which is only feasible for < a dozen characters, or so on most platforms), and you're no longer vulnerable to the dictionary passphrase attack you mention.
If you are interested in passphrases' security, here is an interesting research Some evidence on multi-word passphrases. Basically results of this research confirm yours expectations.
I've been using passphrases for many years now, but instead of using it directly, I'm modifying it a little bit. For example my passphrase may look like that:
Th1$#I$#My#3x@mpl3#P@$$phr@$3
It's easier to remember than "truly random password" and, in general, it gives me acceptable level of security. Guessing correct words is not sufficient in this case, attacker must also guess transformation I used to create my passphrase (the transformation should be somehow unique every time you create your passphrase). Of course even longest passphrase is not secure if you use it in many places.
As a side note I want to mention that I'm also using password manager application (KeePass) and for every account that I don't have to remember my password, I use automatically generated one. Using unique passwords is good security practice, but it can be quite burdensome if you are trying to remember them all. Even if you are using passphrases.
