Yes, I based my method somewhat on Randall's, but mine isn't susceptible to what should probably be termed "known-method attacks". In essence, if an attacker knows something about your password, then generally speaking it is easier to attack it. For instance, if I knew that someone's password was using Randall's method, I wouldn't run a bog-standard brute-force algorithm at it. Instead, I'd get a large dictionary of words, and then just run through all possible combinations of 4 words.
Of course, the chances of an attacker knowing you use Randall's method are quite remote (at least, they should be), so his method is still "more secure" in a pure brute-force scenario. However, the fact that known-method attacks exist, and could potentially break one of Randall's passwords is less time than a standard password should be worrying. Hence, my method tries to protect against these sorts of attacks, by using the element of randomness, but putting it into a proper sentence form. So you still have words from the dictionary, but some of them might be capitalised, and others might be followed by some punctuation symbol, etc. The number of brute-force attempts thus becomes the number of possible sentences that you can have, making such attacks infeasible.
Of course, the chances of an attacker knowing you use Randall's method are quite remote (at least, they should be), so his method is still "more secure" in a pure brute-force scenario. However, the fact that known-method attacks exist, and could potentially break one of Randall's passwords is less time than a standard password should be worrying. Hence, my method tries to protect against these sorts of attacks, by using the element of randomness, but putting it into a proper sentence form. So you still have words from the dictionary, but some of them might be capitalised, and others might be followed by some punctuation symbol, etc. The number of brute-force attempts thus becomes the number of possible sentences that you can have, making such attacks infeasible.
