36.99 minutes in  the case of offline  attack scenario and 2.22 sec if the massive cracking array of relevant devices is used, according to https://www.grc.com/haystack.htm   To be on the safe side the entropy of password should be at least 256 bit and password itself should consist of two parts, i.e dynamic and static, the latter delivered via HW security key (https://bitcointalk.org/index.php?topic=5223442.msg53778608#msg53778608).