Passphrases

Answer to this frequently asked question.

The recommended value is 1000. Continue reading if you are concerned about the security or connection performance.

Security concerns

Each character of the newly generated passphrase is randomly picked from 90 different characters. That means, passphrase of length 1 has 90 posibilities in total, passphrase of length 2 has 90290^2 possibilities...

Generally, passphrase of length nn has 90n90^n different possibilities. That means, passphrase of length 1000 has approximately around 1.71.7 multiplied by 2000th power of 1010 of possibilities.

According to this article, such password would take more than 1900 times the age of the universe to bruteforce. Taking this into account, it is more probable that some plugin with backdoors will steal the passphrase, than the passphrase getting bruteforced randomly.

Data payload

Each character is 1B of data (assuming ASCII character set), so passphrase of length 1000 is equal to 1kB of data transfered between the proxy and backend servers.

Last updated