For symmetric encryption pinentry should have the option to generate a passphrase.
This action is already implemented but currently commented out in pinentrydialog.cpp:195
I had commented it out because it was ugly in so far that it just showed a long string and there was no formatting. I think we need to brake this up at least into 4 Character parts and then split them somehow. If we format it, e.g. Uppercase and then split with dashes we would also need some kind of formatted input way to avoid that users either drop the dashes or insert them.
We cannot provide a real grouping because the size of the passphrase is configuration dependendent. But I think we could add a "formatted passphrase" checkbox. That we could also read from a configuration or a registry string to make it the only way to input a password in some deployments. In this mode we could input the dashes by ourself and uppercase the password and also only allow zbase32 characters.