That depends entirely on the hash function being used.
With a bad choice like SHA256, a 7 word passphrase could be cracked in as little as a few months with a single ASIC. The US government probably has a bunch of them already, so I think that an 8 word passphrase is already within reach for current tech.
Of course, with a real key derivation function like Argon2id, things would look much better.
With a bad choice like SHA256, a 7 word passphrase could be cracked in as little as a few months with a single ASIC. The US government probably has a bunch of them already, so I think that an 8 word passphrase is already within reach for current tech.
Of course, with a real key derivation function like Argon2id, things would look much better.