Reply to post:

What should password managers not do? Leak your passwords? What a great idea, LastPass

I am the liquor

Lee D, your entropy calculations leave something to be desired.

A 10-character password taken randomly from a set of 26 characters has 47 bits of entropy.

A 10-character password taken randomly from a set of 27 characters has 47.5 bits of entropy, i.e. it's about 40% stronger, not 1/26. Adding a character to the alphabet makes the password only 1/26 stronger if it's a 1-letter password.

And that's if the attacker has somehow divined which punctuation mark you added to your character set. In reality, their search space probably includes at least 10 commonly-used punctuation characters. 10 characters from an alphabet of 36 has 51.7 bits of entropy, making it (coincidentally) 26 times stronger than the just-letters version.
