Passphrases

Answer to this frequently asked question.

The recommended value is 1000. Continue reading if you are concerned about the security or connection performance.

Security concerns

According to this article, such password would take more than 1900 times the age of the universe to bruteforce. Taking this into account, it is more probable that some plugin with backdoors will steal the passphrase, than the passphrase getting bruteforced randomly.

Passphrase guidelines:

  • Passphrases shorter than 50 characters are considered weak. If using such passphrase, the plugin will display a warning each time the server starts.

  • Never share it with anyone else.

  • Regenerate it once in a while, just in case.

  • Use the built-in generator only - avoid any internet communication.

Data payload

Each character is ~1B of data, so passphrase of length 1000 is equal to 1kB of data transfered between the proxy and backend servers.

Last updated