On your bikelock you have a 3 character code with and alphabet of 0-9. So 10^3 = 1000 possible combinations.
If you pick 3 random words out of a dictionary with 40k words, there are 40000^3 possible combinations. (64 000 000 000 000).
Depending on how the password is hashed a 1000$ machine might be able to test anywhere from like 10 to 10 000 000 000 000 hashes per second. (100 billion hashes per second are more realistic)
So a 3 word password might be safe for a very very long time or cracked in seconds.
It’s about combinatorics.
On your bikelock you have a 3 character code with and alphabet of 0-9. So 10^3 = 1000 possible combinations.
If you pick 3 random words out of a dictionary with 40k words, there are 40000^3 possible combinations. (64 000 000 000 000).
Depending on how the password is hashed a 1000$ machine might be able to test anywhere from like 10 to 10 000 000 000 000 hashes per second. (100 billion hashes per second are more realistic)
So a 3 word password might be safe for a very very long time or cracked in seconds.
A 4 word password will take 40000 times as long.