by Fargren 4811 days ago
> Fitting them to roughly sentence formats is one possibility (e.g. adj noun verb noun), so that we can visualize something happening.

That "mad-libs" method does reduce entropy quite a bit. I don't know if it reduces it enough to make the password crackable, but the search space is much smaller than just 5 random words.


That's true. What I should have said was that we want to make the entropy easy to measure. If I flip through random passwords until I find one that's easy to remember, I have no idea how much entropy I've lost. But the mad-libs method should let us know exactly what our effective key length is, and allow us to make up for it with longer phrases if needed.

Edit: Another technique that I find useful is to place the four words into a more memorable sentence. For example, if I pull "frequently scared earth understanding" from passphra.se, I might have trouble remembering that raw sequence of words. But if I put it into a sentence like "I am frequently scared, but the Earth is understanding.", then I have a much more evocative sentence that I'm likely to remember. I usually will just use that whole sentence, punctuation and all, because hey, extra entropy. Dropbox's zxcvbn tool[1] estimates that passphrase at nearly 128 bits of entropy.

[1] https://github.com/lowe/zxcvbn
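The entropy accounting both commenters are talking about can be done exactly for a template-filled ("mad-libs") passphrase: each slot is drawn uniformly from its own list, so the bits are just the sum of log2(list size) per slot. The example below is added here and is not code from either commenter, passphra.se or zxcvbn; the word lists are tiny constructed toys (only their sizes matter), and `dictionary_size` for the "k random words" comparison is an assumed parameter. It shows the loss relative to unconstrained random words and how many extra slots restore a target bit count, and it draws words with `secrets` so the measurement actually applies to the generated phrase.

```python
import math
import secrets

# Constructed toy vocabularies (assumption: real lists are thousands of words
# per part of speech; only the per-slot sizes feed the entropy calculation).
VOCAB = {
    "adj": ["scared", "quiet", "green", "heavy", "bitter", "early", "plain", "slow"],
    "noun": ["earth", "river", "lamp", "kettle", "window", "stone", "harbor", "coin"],
    "verb": ["carries", "forgets", "paints", "answers", "breaks", "follows", "hides", "lifts"],
    "adv": ["frequently", "barely", "gently", "loudly"],
}

# A template is a tuple of slot names, e.g. the "adj noun verb noun" form
# mentioned in the thread.
SENTENCE_TEMPLATE = ("adj", "noun", "verb", "noun")


def template_entropy_bits(template, vocab=VOCAB):
    """Bits of entropy when every slot is filled uniformly from its own list.

    Fixed connector words ("I am ... but the ...") add nothing: they are not
    chosen at random, so they are not counted here.
    """
    return sum(math.log2(len(vocab[slot])) for slot in template)


def unconstrained_entropy_bits(num_words, dictionary_size):
    """Bits for num_words drawn uniformly from one dictionary of dictionary_size."""
    return num_words * math.log2(dictionary_size)


def entropy_lost_bits(template, dictionary_size, vocab=VOCAB):
    """How much the sentence constraint costs versus the same number of free words."""
    return unconstrained_entropy_bits(len(template), dictionary_size) - template_entropy_bits(template, vocab)


def words_to_reach(target_bits, template, vocab=VOCAB):
    """Number of slots (cycling through the template) needed to reach target_bits.

    This is the "make up for it with longer phrases" step: keep appending slots
    until the summed per-slot entropy meets the target.
    """
    bits = 0.0
    count = 0
    while bits < target_bits:
        slot = template[count % len(template)]
        bits += math.log2(len(vocab[slot]))
        count += 1
    return count


def generate(template, vocab=VOCAB):
    """Fill the template with a cryptographically secure RNG (never random.choice)."""
    return " ".join(secrets.choice(vocab[slot]) for slot in template)


if __name__ == "__main__":
    dictionary_size = 32  # assumed size of a flat word list for comparison
    print("template bits:", template_entropy_bits(SENTENCE_TEMPLATE))
    print("4 free words bits:", unconstrained_entropy_bits(4, dictionary_size))
    print("bits lost to structure:", entropy_lost_bits(SENTENCE_TEMPLATE, dictionary_size))
    print("slots needed for 20 bits:", words_to_reach(20, SENTENCE_TEMPLATE))
    print("sample phrase:", generate(SENTENCE_TEMPLATE))
```

With the toy sizes (8, 8, 8, 8) the four-slot sentence yields 12 bits, four free words from a 32-word list yield 20, and cycling the template to seven slots gets back above 20. The same functions run unchanged against real list sizes, which is the point: the structured method's key length is known rather than guessed.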