It is the password which is used to encrypt the wallet file, and NO, you do not need a 50-60 char long pass. Brute force is done with a dictionary or similar ways, so you are still pretty safe with a password which is 8 chars long but is random letters+numbers+signs.
Although I am interested to hear from f___o about the method he is talking about for breaking these encryptions: is it brute force the way I think, or is it something else?
As he explained to me earlier... that graph shows the relative speed with which one can test passwords against the encrypted wallet file due to the hashing algorithms they use for comparing the input password with the file password.
Some algorithms are super fast, so you can test passwords faster... as you can compute their hashes faster to test against the encrypted file.
Of course, this is still brute forcing... so if you use a "secure" password which is nice and long (I hesitate to give a definite value, but certainly longer than 8 and the longer the better), and uses uppercase, lowercase, numbers and symbols... brute forcing is still going to take a "long" time to run through all the possible combinations... What the graph shows is just that one program (MultibitHD) would take considerably longer than the other (Electrum) due to password test speed.