Password Strength
I recommend between 64 and 128 bits of entropy. Depending on the character set, this translates to the password lengths below, when the passwords are randomly generated (using KeePass etc):
| Character Set | Password length | Password length |
|---|---|---|
| (number of different characters) | for >= 64 bits of entropy | for >= 128 bits of entropy |
0-9 (10) |
20 | 39 |
a-z (26) |
14 | 28 |
a-z0-9 (36) |
13 | 25 |
A-Za-z0-9 (62) |
11 | 22 |
A-Za-z0-9%$&/... (95) |
10 | 20 |
Use this metod, to create first KeePass password
gocryptfs uses scrypt password hashing. The scrypt paper includes this table that estimates the cost for cracking a password in one year:
So it would cost 43 Billion Dollars to crack a 10 chars = 64 bit password. Adding another alphanumeric character multiplies the cost by 62.