All the gimmicks mentioned for passphrases, are already used by crackers, and for which hashcat rule sets already exist.
Use long, random machine generated passwords ... Kinda like my username. Use Nothing from a dictionary. Among the passwords I have cracked using hashcat, my favorite stupid password: You w!ll n3v3r b3 abl3 t0 brut3 f0rc3 th!$ l3ngthy passw0rd!
Hashcat cracked it in the first 24 hours using an 8-GPU rig, street price: $4.80US
Last edited by gqZJzU4vusf0Z2,$d7; Jan 23, 2016 at 4:14 pm