Violating Shannon’s maxim means making a security system that is insecure if an attacker knows how the system works. In this case, a password generation mechanism like “use the most memorable password not in the password cracking list” violates Shannon’s maxim—if an attacker knows you’re doing that he can generate such passwords himself and test them against the password hash. A password generation mechanism like “select 18 random hexadecimal characters” is secure even if an attacker knows you’re doing that, because you’re randomly selecting from 16^18 possible passwords.
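The contrast above as a runnable sketch, added here as an illustration and not part of the original comment: it measures how much an attacker still has to search once the generation scheme itself is known. The memorability ranking and cracking list are constructed sample data, and the function names are hypothetical.

```python
import math
import secrets

HEX = "0123456789abcdef"

def random_hex_password(length=18):
    """Draw each character uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(HEX) for _ in range(length))

def scheme_entropy_bits(alphabet_size, length):
    """Entropy left when the attacker knows the scheme but not the random draw."""
    return length * math.log2(alphabet_size)

def most_memorable_unlisted(ranked_candidates, cracking_list):
    """The deterministic scheme from the text: the first candidate, in
    memorability order, that is absent from the cracking list."""
    listed = set(cracking_list)
    for candidate in ranked_candidates:
        if candidate not in listed:
            return candidate
    return None

# Constructed sample data. Assumption: the attacker has the same ranking
# and the same cracking list as the defender, i.e. knows the scheme.
RANKED = ["password", "letmein", "sunshine", "bluegiraffe7", "quietharbor22"]
CRACKING_LIST = ["password", "letmein", "sunshine"]

def guesses_needed_when_scheme_known():
    """Return (guesses against the deterministic scheme,
    size of the search space for 18 random hex characters)."""
    defender_choice = most_memorable_unlisted(RANKED, CRACKING_LIST)
    attacker_guess = most_memorable_unlisted(RANKED, CRACKING_LIST)
    # The scheme has no secret input, so rerunning it reproduces the password.
    deterministic = 1 if attacker_guess == defender_choice else None
    # Knowing "18 random hex characters" removes nothing from the search space.
    randomized = len(HEX) ** 18
    return deterministic, randomized

if __name__ == "__main__":
    print("sample password:", random_hex_password())
    print("entropy (bits):", scheme_entropy_bits(len(HEX), 18))
    print("guesses (deterministic, random):", guesses_needed_when_scheme_known())
```

The only secret in the second scheme is the output of the random draw, which is why publishing the scheme costs nothing.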
I’ve heard it go by the name security through obscurity (see https://en.wikipedia.org/wiki/Security_through_obscurity).