Comment Re:useless for strong passwords (Score 1) 61
I'm not sure I've seen any independent study which investigates such questions satisfactorily. (You may interpret that as [citation needed].)
Bessner and Davelaar, 1982. "Basic processes in reading: Two phonological codes."
And looking in from the opposite direction, I've also yet to see someone build a 4-simple-english-word rainbow table to directly attack the claim of security.
You don't need to count to 10^5^4 to know that it's a big number, far greater than the search spaces currently achievable with rainbow tables. Barring a monumental flaw in the hash function, the decreased per-character entropy shouldn't make a difference. (Though I guess it depends on how many "simple english words" you consider there to be.)
Certainly, in the field of memory, I am prepared to believe I am far from the norm. I have an exceptionally poor memory for almost everything. During my academic career I could never remember high level theories or identities, and had to repeatedly derive them from basic principles before using them.
With you on that one.