Sure just if fully given in this way it’s basically the same as an 11 character password. And more damning is it’s not really random. I’d use this as a case of more education on longer passphrases aren’t always longer entropy on their own if they are non random phrases is all. And there’s a lot of different word lists out there. I’d give this a go on my system and see if a guided run with the knowledge of how things were built can brute force it.
The big thing is a secure passphrase or password should be resistant to attacks even if there is perfect knowledge of how it was generated. In this case all lower case English words in a non random phrase works against that.
Sure just if fully given in this way it’s basically the same as an 11 character password.
Only of the attacker knows whether it’s a password or phrase. I’d argue that passwords are far more common and that’s what a cracker would focus on first.
should be resistant to attacks even if there is perfect knowledge of how it was generated
As far as I know there still is no way to create actual randomness. You’ll still have some pseudo-random number generator and a hopefully unguessable seed. If you have “perfect knowledge” about that, cracking the password is almost trivial.
