Not a true greentext but I hope I have captured the spirit of it. (First time I wrote smth like this, don’t be harsh on me. >w<)
That’s just recommended to emphasize length. If your password is as long as a passphrase it’s likely more secure (harder to remember though).
But if the point is to remember it, then you should use the security from length of series of 5+ random words. It’s easier to remember, write down, and type. All great characteristics of a master passphrase.
I don’t disagree, sorry if it sounded like I did.
There’s just a theoretical weakness since the base word lists are usually public knowledge and bruteforcers could (and probably already have) optimize for that.
The advantages of a passphrase outweigh though as you mentioned. An attacker would first need your repo anyway.
](https://lemmy.dbzer0.com/pictrs/image/2f4ae845-6190-4bef-ac6c-f9614e6c2d02.png){kind=link}