Re: Q: password generation

The spelling checker in most word processors contains a much
larger dictionary, permitting use of passphrases containing say
10 word sentences.

My paper dictionary contains "Over 60,000 definitions".

Ok, but using twice as much words gives you only 1 bit per word. And
using longer words means more typing.

I'm assuming that the attacker knows everything except the words chosen
from the dictionary.  In particular he knows the dictionary and the
exact generation method used.

Under your assumption you're surely right.

The point is:  random capitalization of the first character merely
doubles the number of words available, which adds exactly one bit per
word.  You would need to use a 12 words password to compensate for the
11.69 bits of entropy added by a single additional word in the original
3300 words dictionary.

That's right. That's why I'd never use it this way.
Random capitalization of any character would give me 20 bits (on the 5
4-character word passphrase),
but it'd way harder to type (at least for me) than your additional
That's why I'd use some strange substitutions giving me much more for
less effort.