-\# FIXME: Mention a good length for a passphrase. (I think Schneier
-\# said something about this on counterpane.com once.)
-
-\# In case people don't like the idea of exchanging a short password
-\# typed every time for a longer passphrase typed every time, link
-\# to the Pageant chapter.
+(Choosing a good passphrase is difficult. Just as you shouldn't use
+a dictionary word as a password because it's easy for an attacker to
+run through a whole dictionary, you should not use a song lyric,
+quotation or other well-known sentence as a passphrase. DiceWare
+(\W{www.diceware.com}\cw{www.diceware.com}) recommends using at
+least five words each generated randomly by rolling five dice, which
+gives over 2^64 possible passwords and is probably not a bad scheme.
+If you want your passphrase to make grammatical sense, this cuts
+down the possibilities a lot and you should use a longer one as a
+result.)
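Review bot: The second removed FIXME (link to the Pageant chapter for readers put off by typing a long passphrase every time) is deleted here, but the added paragraph never makes that link, so the TODO is lost rather than resolved. Either keep that comment in place or end the new paragraph with a cross-reference to the Pageant chapter. Two smaller points in the added text: "over 2^64 possible passwords" should read "passphrases" to match the rest of the paragraph (the figure itself is right, since five dice give 6^5 = 7776 words and 7776^5 is about 2^64.6), and the last sentence says to "use a longer one" for grammatical passphrases without giving the reader any sense of how much longer, which is the kind of guidance the first FIXME was asking for.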