HEADS recommended passphrase lengths / risks

(First post disclaimer at the bottom)*

I’ve read the documentation over at the Heads project site, in particular HEADS - Configuring Keys, but am still a little nonplussed as to whether I’m following best practices for my new computer (which has HEADS pre-installed in addition to a GPG hardware token for HOTP and remote attestation that the device hasn’t been tampered with).

The official instructions for HEADS recommend a 6-word Disk Recovery passphrase (this makes sense to me, and I follow this). However, the Disk Unlock Key passphrase, which is required on every boot, recommends a mere 3-word passphrase, which is where I’m confused.

Knowing what we know about advanced adversaries able to confiscate everything you have and crack passwords with low entropy, and the future possibility of quantum brute-forcing of even medium entropy passwords, doesn’t this pose a real threat to anyone with a threat model that includes device confiscation or theft?

I would simply set my Disk Unlock Key to a much higher-entropy passphrase if this were a concern for me, but as HEADS doesn’t show anything on-screen whilst your password is typed, it would be very prone to input error. Is there a mitigating factor HEADS provides with the Disk Unlock Key that I’m not understanding here (i.e. major limits on brute-forcing attempts), or is this just a case of balancing security with usability?

*Apologies if I’m asking this in the wrong place (I’m not on Matrix and figure an answer here may help others with similar questions; plus it regards a Qubes-certified laptop and I have seen the ever-helpful @Insurgo active here).
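As an added worked example (not from the original post or the Heads project), the arithmetic behind the 3-word versus 6-word question: the entropy of a passphrase drawn uniformly from a word list, and the expected brute-force time at assumed guess rates, including the rough halving of effective entropy that a Grover-style quantum search would give. The 7776-entry Diceware list size and the guess rates are assumptions, not values stated by Heads.

```python
import math

# Assumption: a Diceware-style list of 7776 words. The post only says
# "3 word" / "6 word", so the list size is not from the original text.
DICEWARE_LIST_SIZE = 7776


def passphrase_entropy_bits(num_words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy (bits) of num_words words chosen uniformly at random from list_size."""
    if num_words < 1 or list_size < 2:
        raise ValueError("need at least one word from a list of at least two")
    return num_words * math.log2(list_size)


def expected_crack_seconds(entropy_bits: float, guesses_per_second: float,
                           quantum: bool = False) -> float:
    """Expected time to guess the passphrase at the given rate.

    A classical search hits the target after half the space on average.
    Grover-style quantum search roughly square-roots the space, which is
    the same as halving the effective bit count (quantum=True).
    """
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    effective_bits = entropy_bits / 2 if quantum else entropy_bits
    expected_guesses = 2 ** effective_bits / 2
    return expected_guesses / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render seconds as the largest convenient unit for a quick comparison."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600),
                       ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # Assumed guess rates: a slow, memory-hard KDF limits an offline attacker
    # to roughly 1e3-1e4 guesses/s per GPU; a weak KDF allows far more.
    for words in (3, 6):
        bits = passphrase_entropy_bits(words)
        print(f"{words}-word passphrase: {bits:.1f} bits")
        for rate in (1e4, 1e9):
            print(f"  classical @ {rate:.0e}/s: {human_duration(expected_crack_seconds(bits, rate))}")
            print(f"  Grover    @ {rate:.0e}/s: {human_duration(expected_crack_seconds(bits, rate, quantum=True))}")
```

The guess rate is the decisive knob: the cost of the key-derivation function protecting the disk key bounds how fast an offline attacker can test candidates, so a 3-word passphrase behind a slow KDF and a 6-word passphrase behind a fast one can end up in similar territory.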

Hi @mister_r0b0t0. We’re sorry, but the forum is Qubes OS focused and so it is not the appropriate venue for Heads discussions. We are in talks about changing this policy, but for the moment this is not the place. Sorry!