I recommend between 64 and 128 bits of entropy. Depending on the character set, this translates to the password lengths below, when the passwords are randomly generated (using KeePass etc): Character Set | Password length | Password length -- | -- | -- (number of different characters) | for >= 64 bits of entropy | for >= 128 bits of entropy `0-9` (10) | 20 | 39 `a-z0-9` (36) | 13 | 25 `A-Za-z0-9` (62) | 11 | 22 `A-Za-z0-9%$&/...` (95) | 10 | 20 gocryptfs uses *scrypt* password hashing. The [scrypt paper](https://www.tarsnap.com/scrypt/scrypt.pdf) includes this table that estimates the cost for cracking a password in one year: ![scrypt-table1](https://user-images.githubusercontent.com/286847/40873575-2b7c6436-6663-11e8-827c-ee327269d826.png) So it would cost 43 Billion Dollars to crack a 64-bit password. Adding another alphanumeric character multiplies the cost by 62.