Except Schneier is just plain wrong about this. The numbers presented in XKCD comic were already assuming that the attacker has full knowledge about how the passwords are generated, including the wordlist used. This has been discussed over and over in various places, including HN. Long story short, there is no shortcuts for attacker against true random bits of entropy.