My point is that using passwords that length doesn't gain you anything. It would take the world's fastest super computer in 20 years from now about 7 trillion years to brute force 128 bits of entropy, assuming the speed of the fastest super computer in the world keeps doubling every 1.1 years. And your passphrases have far more than that. It's like I said: The only way you can think that it provides you anything is if you also think there's some entity that makes computers orders of magnitude I can't comprehend faster than anything around, even without any sort of key extending. To brute force 20 characters, it would cost $280,000,000,000,000,000,000,000,000.00 on Amazon EC2, or about 6,000,000,000,000 times the amount of money in circulation globally. It's safe to say 20 characters is enough (as long as they're fully random); you're literally not gaining anything beyond that. My point about keyloggers was to show the disproportion of your paranoia: anyone who could attack that could also easily fund a targeted attack on your computer that you would never be able to detect, well beyond stuxnet funding levels.