An interesting problem with long pass phrases is they become almost biometric in difficulty of changing.

So lets say 10 bits of entropy per English word and you memorize the first 400 words of your favorite translation of the book of Genesis to produce your ridiculously predictable 4000 or so bit key. OK. Nice job. Now your machine gets powned or some service gets powned or you lose a very important flash drive or whatever and now on a dime you have to perfectly memorize five hundred words of ... the book of Revelations perhaps. Really? It sounds simpler to rekey your biometrics by getting new fingerprints or holding a different picture of a retina in front of the retina scanner. Memorize five hundred words perfectly, OK. Memorize a different five hundred words on the fly after a stressful breech, that's just not funny. Can't I just use "Password1"?

Note that a theoretical rainbow table of the bible "could be" very long but a realistic and practical rainbow table could be very short. Very few people are going to begin or end a passphrase in the middle of a possibly important line. In fact most are going to begin and end on major boundaries of which there are not many, and you can exclude all the too short or too long phrases. I suspect there are very few 4000 bit key pass phrases in the bible. And other books are almost easier to predict via social media, most famous book by some author you're related to, or everyone on social media knows your favorite book from uni, etc.

Long pass phrases don't biologically scale over operational time where you might end up rekeying often.

> This is stupid. If your key is generated from a pass phrase I guarantee you it's exponentially easier to guess than if it wasn't generated by some simple pass phrase.

I don't think the author ever claims that a password-derived key is more secure than a random one? This is clearly a conveniance vs security tradeoff, and it doesn't seem like an unreasonable one.