Comment Re:I Got It! (Score 3, Informative) 538
If you had people generate a four word pass phrase, it's quite likely that most of them would contain only words from a relatively small subset of the English language.
Which is why the computer would generate the phrase.
2Correcthorse4batteryStapple!
Varying capitalization, and optionally separating the 4 words with 3 character symbols adds: 2*2*2*2*90*90*90*5*4*3 possible permutations: 6.9e8
Now that's not bad, and it definitely is more secure than the plain 4 words. BUT:
Assuming 200,000 words in the dictionary. Simply adding 3 more words to the end gives you 8e15 additional permutations.
8e15 is a LOT bigger than 6.9e8
And now we are at 7 symbols either way.
Remembering 3 more words is both easier and ridiculously more secure too.
Peppering a passphrase with difficult-to-remember symbols is missing the point. If you want more security, just add another random word or two. Either method increases its brute-force complexity, but perhaps counterintuitively, adding a few words is far more secure than mangling the pass phrase with a few symbols.
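The comparison in the comment above, as an added example that is not part of the original comment: it computes the mangling factor from the comment's own numbers, finds how many extra random words exceed it for a given word list size, and generates the phrase with a CSPRNG. The function names, the 16-word sample list, the 7776-word list size and the reading of 5*4*3 as ordered symbol placement are assumptions made for the illustration.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline; the comment
# assumes a 200,000-word dictionary.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "orbit", "lantern",
                "maple", "quartz", "violin", "harbor", "pepper", "tundra",
                "cobalt", "meadow", "falcon", "ginger"]

def generate_passphrase(words, count, sep=" "):
    """Draw `count` words independently and uniformly from the OS CSPRNG."""
    if count < 1 or len(set(words)) != len(words):
        raise ValueError("need count >= 1 and a duplicate-free word list")
    return sep.join(secrets.choice(words) for _ in range(count))

def mangling_multiplier(n_words=4, n_symbols=3, alphabet=90):
    """Search-space factor of the comment's mangling: 2 capitalisation choices
    per word, `alphabet` choices per symbol, and the comment's 5*4*3 placement
    count, read here (assumption) as ordered placement into n_words+1 slots."""
    placements = math.perm(n_words + 1, n_symbols)
    return 2 ** n_words * alphabet ** n_symbols * placements

def extra_words_to_beat(multiplier, wordlist_size):
    """Smallest k such that appending k random words multiplies the search
    space by more than `multiplier`."""
    if wordlist_size < 2:
        raise ValueError("word list must contain at least 2 words")
    k, factor = 0, 1
    while factor <= multiplier:
        factor *= wordlist_size
        k += 1
    return k

if __name__ == "__main__":
    m = mangling_multiplier()
    print(f"mangling:           x{m:.2e} (+{math.log2(m):.1f} bits)")
    print(f"3 words of 200,000: x{200_000 ** 3:.2e} "
          f"(+{math.log2(200_000 ** 3):.1f} bits)")
    # 7776 is a smaller, Diceware-sized list (assumption, not from the comment).
    for size in (200_000, 7776):
        print(f"{size}-word list: {extra_words_to_beat(m, size)} extra words "
              "exceed the mangling factor")
    print("sample:", generate_passphrase(SAMPLE_WORDS, 7))
```

The figures hold only when every word is drawn uniformly at random by the generator; a phrase chosen by a person does not have the computed search space.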