I know this subject has been run over ad-nauseum, but I have a general question regarding TC passwords, or any encryption password for that matter. We know that someone trying to "Crack" or brute-force a password is generally going to use some form of dictionary attack, and generally speaking more advanced attempts are going to use a specialized dictionary that ties back to the user they are cracking against (ie DOB, SSN, known passwords, etc). So, in this example, lets assume the cracker has a dic that includes 9 of the 10 pieces that make up a password - as in this diagram: Password = (1)(2)(3)(4)(x)(5)(6)(7)((9) They do not know the order, in fact they don't even know for a fact they have any part of the password, but we assume they do have 9 of the 10 parts, all they dont have is the (x). We will assume that each piece is between 4 and 7 chars for this example, however the cracker does not know this. We will say (x) is 6 chars, containing alpha, num, and symbols. (1)-(9) are also alpha-num-symb. Deep breath. So given all the above, is that password really any stronger than the 6 char (x)? This is WAY above my head, so thats why I ask. The cracker doesn't know they have (1)-(9), nor do they know in which position (x) is, and that they don't have (x). My initial thought would be, that in theory, they have a head start on cracking the password, but given the length (which they do not know) and the enherrient entropy in each piece, even tho they have it in a dictionary, that in reality they really are in no better position to crack that password than if they knew none of that information. Is that a sound assumption, or is this password really reduced to the entropy of (x)?