by Fixnum 4658 days ago
The point is you're supposed to use truly random word combinations since those are at least memorable.

  $ wc -l /usr/share/dict/words
  119095
  $ python -c 'print(119095 ** 4)'
  201175048646341950625
  $ python -c 'print(85 ** 10)'
  19687440434072265625
So, even if your target is known to be using this scheme in pure form, this has more entropy than a completely random 10-digit password (assuming ~85 characters) -- and who would actually be using such a thing, except someone using a password management program - who could just as easily be using a 20-character random password?

So even if it becomes known, it's an improvement on what users are doing now.


Can never turn down an opportunity for a one-liner.

  $ perl -E 'open(my $fh, "<", "/usr/share/dict/words"); my @words = map {chomp; $_} <$fh>; close $fh; say join " ", map {$words[int rand @words]} 1..4'
  menu chemists administrative seeps
Might have to run it a couple of times before you get something that you can memorize.
You shouldn't use a non-cryptographically secure random number generator (perl's rand) in the context of password generation. It's too risky.
Ew.

    shuf -n 4 /usr/share/dict/words | tr -dc 'A-Za-z0-9'
You can use a dictionary of the most common 10000 words; you'd still have loads of entropy.
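Pulling the thread's points together (the entropy arithmetic from the first comment, the objection to a non-CSPRNG `rand`, and the 10000-word dictionary suggestion), here is an added example that is not from any of the commenters. It uses Python's `secrets` module, which draws from the OS CSPRNG, in place of `perl -E '... rand ...'`, and computes the same counts the first comment printed. The word list is a small constructed stand-in for `/usr/share/dict/words`; the function names and the `load_words` helper are my own.

```python
import math
import secrets

# Constructed stand-in for /usr/share/dict/words; a real run would load the
# system dictionary (119095 lines on the original poster's machine).
SAMPLE_WORDS = [
    "menu", "chemists", "administrative", "seeps", "harbor", "lantern",
    "quartz", "meadow", "pivot", "saddle", "tundra", "velvet", "whisk",
    "yarn", "zephyr", "oboe",
]


def load_words(path="/usr/share/dict/words"):
    """Read one word per line, dropping blanks and duplicates.

    Duplicates matter: sampling from a list with repeats skews the
    distribution toward the repeated entries and lowers the real entropy.
    """
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return sorted({line.strip() for line in fh if line.strip()})


def combinations(dictionary_size, word_count):
    """Total number of distinct passphrases: N^k, the number the thread printed."""
    return dictionary_size ** word_count


def passphrase_entropy_bits(dictionary_size, word_count):
    """k words drawn uniformly with replacement from N words: k * log2(N) bits."""
    return word_count * math.log2(dictionary_size)


def password_entropy_bits(alphabet_size, length):
    """L characters drawn uniformly from an alphabet of size A: L * log2(A) bits."""
    return length * math.log2(alphabet_size)


def generate_passphrase(words, word_count=4, separator=" "):
    """Pick word_count words with a cryptographically secure RNG.

    secrets.choice is backed by os.urandom; random.choice (and Perl's rand)
    use a seeded deterministic generator, which is the objection raised in
    the thread. Sampling with replacement keeps each pick independent, so the
    entropy estimate above holds exactly.
    """
    if not words:
        raise ValueError("empty word list")
    return separator.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    # The thread's comparison: four dictionary words vs. a 10-char random password.
    print(combinations(119095, 4), f"{passphrase_entropy_bits(119095, 4):.1f} bits")
    print(combinations(85, 10), f"{password_entropy_bits(85, 10):.1f} bits")
    # The 10000-word suggestion: still well above the 10-char figure's 8-char equivalent.
    print(f"{passphrase_entropy_bits(10000, 4):.1f} bits from a 10000-word list")
    print(generate_passphrase(SAMPLE_WORDS))
```

With the real dictionary, `generate_passphrase(load_words())` gives the same kind of output as the Perl one-liner, but every pick comes from the OS entropy source. Note that the entropy figures assume the attacker knows the word list and the scheme; they say nothing about a phrase a user rejects and re-rolls until it "looks memorable", which quietly shrinks the effective space.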