It is the password which is used to encrypt the wallet file, and NO, you do not need a 50-60 char long pass. Brute force is done with a dictionary or similar ways, so you are still pretty safe with a password which is 8 chars long but is random letters+numbers+signs.
Although I am interested to hear from f___o about the method he is talking about for breaking these encryptions: is it brute force the way I think, or is it something else?
As he explained to me earlier... that graph shows the relative speed with which one can test passwords against the encrypted wallet file, due to the hashing algorithms they use for comparing the input password with the file password.
Some algorithms are super fast, so you can test passwords faster... as you can compute their hashes faster to test against the encrypted file.
Of course, this is still brute forcing... so if you use a "secure" password which is nice and long (I hesitate to give a definite value, but certainly longer than 8, and the longer the better) and uses uppercase, lowercase, numbers and symbols... brute forcing is still going to take a "long" time to run through all the possible combinations... What the graph shows is just that one program (MultibitHD) would take considerably longer than the other (Electrum) due to password test speed.
When I said 8 I didn't really calculate anything, but let me do it now here and you check if I am doing it right:
there are 26 letters in English
x2 because of lower case and upper case
there are 10 numbers
there are 32 signs (symbols) on the keyboard only (*, /, #, $, ,, ^) and I won't count the rest of the signs (ƒ, ¥, £, ...)
This total is 94, so a random password like this: Df@m$Jdu (8 chars long) has 6E+15 different possible variations.
And if I understand the picture above correctly, the worst case scenario is going through 2.5E+5 passwords/s,
so it would take 2.44e+10 sec, or in other words it takes 773 years to go through the passwords.
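The calculation in the post above, written out as a small added example (not code from the thread or from any wallet project) so the same arithmetic can be repeated for other lengths and guessing rates. It goes slightly beyond the post: it also reports entropy in bits and the average-case time, and the 1e9 guesses/s figure for a fast unsalted hash is a constructed comparison value, not from the thread.

```python
# Added example: how keyspace, guessing rate and password length interact.
# Charset of 94 (26 lower + 26 upper + 10 digits + 32 symbols) and the
# 2.5E+5 guesses/s rate come from the post; other rates are constructed.
import math

SECONDS_PER_YEAR = 365.25 * 86400


def keyspace(charset_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return charset_size ** length


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(charset_size)


def years_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst case: try every candidate at a constant guessing rate."""
    return keyspace(charset_size, length) / guesses_per_second / SECONDS_PER_YEAR


def expected_years(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Average case: a random password is found after half the keyspace."""
    return years_to_exhaust(charset_size, length, guesses_per_second) / 2


def strength_table(charset_size: int, lengths, rates) -> dict:
    """Map (length, rate) -> worst-case years, for a quick comparison."""
    return {(n, r): years_to_exhaust(charset_size, n, r) for n in lengths for r in rates}


if __name__ == "__main__":
    # 2.5e5/s is the slow (key-stretched) rate from the thread's graph;
    # 1e9/s is a constructed figure for a fast, unsalted hash.
    rates = (2.5e5, 1e9)
    print(f"94^8 = {keyspace(94, 8):.2e}, {entropy_bits(94, 8):.1f} bits")
    for (n, r), yrs in strength_table(94, range(8, 13), rates).items():
        print(f"len {n:2d} @ {r:.1e}/s: {yrs:12.1f} years worst case")
```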