by jrapdx3 4100 days ago
For my own use and amusement I wrote a Diceware-inspired program in Scheme. It produced random passwords like "luthier-beige-6139" or "unintimated-clamp-3529". The word-number pattern and separators could be varied.

Like you said, the issues are good RNG and word list. For the latter I used the "web2" list from FreeBSD /usr/share/dict directory. The word list was filtered to remove words that were capitalized, too short (< 5 chars), hyphenated, etc., leaving a final list containing about 151000 entries.

I estimated entropy for generated passwords at ~40 bits. To get 100 bits would require 5 or 6 words. A problem with this method is having passwords composed of obscure terms, reducing acceptability. A more carefully culled list would be smaller, but there's the tradeoff--password legibility vs. length.

Yes, limiting max password length to < 16 chars isn't very smart. Really that should be the minimum rather than maximum.
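The generator described in this comment, written out as an added example (in Python rather than the commenter's Scheme program, which is not reproduced here). It applies the same filter criteria (drop capitalised, hyphenated and shorter-than-5-character entries), draws words and digits with the `secrets` module so the RNG is cryptographic, and computes the entropy of a `word-word-NNNN` pattern on the assumption that the attacker knows the format and the list. The embedded word list is a small constructed sample, not the FreeBSD `web2` file; the function and parameter names are this example's own.

```python
"""Diceware-style passphrase generator: filtered word list + CSPRNG + entropy estimate."""
import math
import secrets
import string

# Constructed sample in the style of a /usr/share/dict file (hypothetical; not the real web2 list).
SAMPLE_DICT = """\
Aaron
abandon
ab
aback
abacus
clamp
beige
luthier
unintimated
well-known
tree
zygote
"""


def filter_words(raw, min_len=5):
    """Keep lowercase, purely alphabetic words of at least min_len characters.

    str.isalpha() rejects hyphens, apostrophes and digits; str.islower() rejects
    capitalised proper nouns. Duplicates are dropped while preserving order so that
    every remaining entry is equally likely to be chosen.
    """
    seen = set()
    kept = []
    for line in raw.splitlines():
        word = line.strip()
        if len(word) < min_len or not word.isalpha() or not word.islower():
            continue
        if word not in seen:
            seen.add(word)
            kept.append(word)
    return kept


def entropy_bits(list_size, n_words, n_digits):
    """Bits of entropy for n_words uniform picks from list_size entries plus n_digits
    uniform decimal digits. Separators and the fixed pattern contribute nothing, since
    the attacker is assumed to know the format and the word list."""
    return n_words * math.log2(list_size) + n_digits * math.log2(10)


def words_needed(list_size, target_bits, n_digits=0):
    """Smallest number of words whose entropy (with the digit block) reaches target_bits."""
    n = 1
    while entropy_bits(list_size, n, n_digits) < target_bits:
        n += 1
    return n


def generate(words, n_words=2, n_digits=4, sep="-", rng=secrets):
    """Produce e.g. 'luthier-beige-6139'. rng must expose choice(); the default is the
    secrets module (CSPRNG). Never substitute random.random for password generation."""
    parts = [rng.choice(words) for _ in range(n_words)]
    if n_digits:
        parts.append("".join(rng.choice(string.digits) for _ in range(n_digits)))
    return sep.join(parts)


if __name__ == "__main__":
    wordlist = filter_words(SAMPLE_DICT)
    print(len(wordlist), "words kept:", wordlist)
    print("entropy of word-word-NNNN:", round(entropy_bits(len(wordlist), 2, 4), 1), "bits")
    print("example:", generate(wordlist))
```

With a real dictionary, pass the file contents to `filter_words` and feed the resulting list size into `entropy_bits` and `words_needed` to see how many words a target such as 100 bits costs; the tradeoff between list size (obscure words) and phrase length the comment mentions shows up directly in those two numbers.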