I think the other problem is that when people are thinking up “random” words on their own, they aren’t pulling from the English dictionary. Common vocabulary is a much smaller set.
XKCD estimated 11 bits per "common word", corresponding to a dictionary of ~2000. But that's assuming even distribution across that dictionary, which isn't a reasonable thing to expect a human to do themselves.
Diceware - an actual formalisation of the approach, including recommended means of generating the entropy and specific wordlists - uses 7776 words, for a shade under 13 bits each. EFF have a nice one - https://www.eff.org/dice
The recommended 6 words gives 77.5 bits of entropy per password. At LastPass's current default iterations of 100k that's about 2^93 SHA256 operations to have better than even odds of breaking it.
To put that into perspective, the Bitcoin mining network is reportedly hashing at 256 quintillion hashes per second right now. At that rate it would take on average 72 weeks to crack.
One extra word bumps that up to 11 millennia, if that's a bit too tractable for comfort.
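The figures in the comments above can be reproduced, and the "even distribution" caveat quantified, with the following added example (not posted by anyone in the thread). The Zipf weighting is an assumed stand-in for how a person favours common words, and the wordlist is a constructed placeholder.

```python
import math
import secrets

DICEWARE_WORDS = 6 ** 5        # 7776 entries: five d6 rolls select one word
KDF_ITERATIONS = 100_000       # iteration count quoted in the thread
HASH_RATE = 256e18             # hashes per second quoted in the thread

def uniform_bits(dictionary_size, words):
    """Entropy in bits when every word is drawn uniformly at random."""
    return words * math.log2(dictionary_size)

def expected_crack_seconds(bits, iterations=KDF_ITERATIONS, rate=HASH_RATE):
    """Average time to hit the passphrase: half the keyspace, `iterations` hashes per guess."""
    return (2 ** bits) / 2 * iterations / rate

def zipf_word_entropy(dictionary_size, s=1.0):
    """(Shannon, min-entropy) in bits for one word picked with weight 1/rank**s.
    Zipf weighting is an assumed model of human word choice, not measured data."""
    weights = [1 / rank ** s for rank in range(1, dictionary_size + 1)]
    total = sum(weights)
    probs = [w / total for w in weights]
    shannon = -sum(p * math.log2(p) for p in probs)
    return shannon, -math.log2(probs[0])

def generate_passphrase(wordlist, words=6):
    """Diceware-style draw: five CSPRNG 'dice' per word index into a 7776-entry list."""
    if len(wordlist) != DICEWARE_WORDS:
        raise ValueError("wordlist must have exactly 7776 entries")
    picked = []
    for _ in range(words):
        index = 0
        for _ in range(5):
            index = index * 6 + secrets.randbelow(6)
        picked.append(wordlist[index])
    return " ".join(picked)

if __name__ == "__main__":
    # Constructed placeholder list; substitute a real 7776-word list such as the EFF one.
    placeholder = [f"word{i:04d}" for i in range(DICEWARE_WORDS)]
    print(generate_passphrase(placeholder))
    for n in (6, 7):
        bits = uniform_bits(DICEWARE_WORDS, n)
        weeks = expected_crack_seconds(bits) / (7 * 86400)
        print(f"{n} words: {bits:.1f} bits, ~{weeks:,.0f} weeks at the quoted rate")
    shannon, min_ent = zipf_word_entropy(2000)
    print(f"uniform 2000-word pick: {uniform_bits(2000, 1):.1f} bits")
    print(f"Zipf-weighted pick: {shannon:.1f} bits Shannon, {min_ent:.1f} bits min-entropy")
```

Under the assumed Zipf model a self-chosen word from a 2000-word vocabulary carries roughly 8 bits of Shannon entropy and about 3 bits of min-entropy, well short of the 11 bits a uniform draw would give.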
No, that’s highly unusual. Maybe people know a handful of greetings / numbers in other languages but I think you’re vastly overestimating the number of people capable of speaking more than one language.