Wouldn't a generator like this significantly increase risk of succumbing to dictionary attacks? I probably just don't understand part of what it's doing, but I'm curious.
It depends on what your baseline is. With knowledge of the generation algorithm, a dictionary attack on a password generated that way will definitely succeed, but on average it will take 2⁸³ tries (twice that at worst). At a billion tries per second this is 300 million years, almost long enough for the Sun to engulf the Earth if your attacker devotes only a single CPU to the task. There are commonly used password hashing algorithms that can only do a few hundred tries per second per CPU, which pushes the average success time to a quadrillion years, fifty thousand times the current age of the universe.
By contrast, trying every phrase of 20 words or less in every book that has ever been published would only take something like 129 million × 19 × 500,000 = 1.225 quadrillion tries. At a billion tries a second, that's only two weeks. (And if the password hash is inadequately salted, the attacker can use a rainbow table and put in that effort ahead of time and distribute it across all the victims.)
An attacker with more resources might devote a million CPUs to the problem, which would cut the time to success from 300 million years down to only 300 years (assuming a billion tries a second). In the next few decades it will become practical to devote much larger amounts of computation to problems like this, so such an attack might succeed, but currently it is beyond the capabilities of all but a few adversaries. And, as I understand it, Grover's algorithm will enable a large enough quantum computer to solve your password in only 2⁴² tries, which is only about four trillion tries, under an hour at the billion-tries-per-second speed I suggested above. I'm not sure, but I think it would need to prevent qubit decoherence for that period of time.
You can get equivalent security with a shorter password that looks like random gibberish, such as b7fc d750 9a52 ad6a e48c a, eedgckeimbjdefhcjclmghh, mgujdlrgdfmadtlidu, 1qvrx21zego0scvyi, 17uUPBKnfX7fSNY, >4h)&crV,+E{O, or 宜潨阰揫難侌, but those are a lot harder to memorize. They're shorter to type, though, and they're less vulnerable to side-channel attacks.
Looking random isn't good enough, though. They need to actually be random.
