For another good analysis, take a look at Klaus Post’s excellent password requirements article.
He has developed a Go library for checking passwords against a dictionary, and provided a combined dictionary from several leaked databases with >1b entries.
Regarding password entropy (aaaaaaaa) you could consider running a compression algorithm over the password to check that it is suitably random: a good password should probably be incompressible. Passwords may still be too short for this to be a good estimate though. See also Kolmogorov Complexity.