except it is not troubador. it is troubador, ampersand, digit.
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
once the random appendix is 3 characters or more, the second number wins
and moral of the story is: don’t use xkcd comic, however funny it is, as your guidance to computer security. yes, the comic suggestions are better than having the password on a post-it on your monitor, but this is 21st century ffs, use password wallet.
if you know there are exactly two additional characters
this is pretty much irrelevant, as the amount of passwords with n+1 random characters is going to be exponentially lower than ones with n random characters. Any decent password cracker is going to try the 30x smaller set before doing the bigger set
and you know they are at the end of the string
that knowledge is worth like 2 bits at most
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
even if you assume the random characters are chosen from a large set, say 256 characters, you’d still get the 4-word one as over 50 times more. Far more likely is that it’s a regular human following one of those “you must have x numbers and y special characters” rules which would reduce it to something like 1234567890!?<^>@$%&±() which is going to be less than 30 characters
and even if they end up roughly equal in quessing difficulty, it is still far easier to remember the 4 random words
except it is not troubador. it is troubador, ampersand, digit.
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
once the random appendix is 3 characters or more, the second number wins
https://www.wolframalpha.com/input?i2d=true&i=Divide[Power[2048%2C4]%2CPower[256%2C3]*Power[2%2C4]*4*500000]
and moral of the story is: don’t use xkcd comic, however funny it is, as your guidance to computer security. yes, the comic suggestions are better than having the password on a post-it on your monitor, but this is 21st century ffs, use password wallet.
this is pretty much irrelevant, as the amount of passwords with n+1 random characters is going to be exponentially lower than ones with n random characters. Any decent password cracker is going to try the 30x smaller set before doing the bigger set
that knowledge is worth like 2 bits at most
even if you assume the random characters are chosen from a large set, say 256 characters, you’d still get the 4-word one as over 50 times more. Far more likely is that it’s a regular human following one of those “you must have x numbers and y special characters” rules which would reduce it to something like 1234567890!?<^>@$%&±() which is going to be less than 30 characters
and even if they end up roughly equal in quessing difficulty, it is still far easier to remember the 4 random words