Geeks are Sexy has a page on this topic and a link to a website. Note the tips on not actually putting in your password but using a similar one.
There’s no reason why the US government couldn’t force the owner of that website to log all the passwords along with the IP addresses. Then demand from your ISP your name. Then target you. Why yes, I’m a paranoid pessimist.
My current Windows login pass phrase, although I did change some of the words, I made sure they were the same length, comes in at 137 trillion years. My login to my server is only 2 trillion years. The pass phrase on my zipped backup file is 63 trillion years. The default random 20-character password which the open source KeePass utility generates is about 2 sextillion years.
So long as there isn’t a backdoor in the operating system, KeePass or the WinZip program, I’m happy. (I use WinZip to make a zipped copy of my files onto an SD card and then onto a DVD. Just double-checked. I’m using WinZip 9.0 SR1, which does not appear to have any vulnerabilities.)
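The comment above relies on two things a character-level strength checker does: it scores a same-length, same-character-class decoy exactly like the real password (so the real one never has to leave your machine), and it reports "years to crack" from the full character keyspace. The script below is an added example, not code from the commenter or from the checker site, and it shows the second point's caveat: for a passphrase built from dictionary words, a word-level estimate is far smaller than the character-level figure. The guess rate and dictionary size are constructed placeholders, not numbers from the page.

```python
import math

# Constructed assumptions for the estimate: an offline attacker trying
# 1e10 guesses per second, and a common-word list of 20,000 entries.
GUESSES_PER_SECOND = 1e10
DEFAULT_DICTIONARY_SIZE = 20_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Size of the smallest conventional character set covering the password.
    This is the figure a character-level checker bases its estimate on."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII punctuation plus space
    return size


def brute_force_years(password: str) -> float:
    """Years to exhaust the character keyspace at GUESSES_PER_SECOND.
    Two passwords of equal length and character classes get equal values,
    which is why a look-alike decoy is safe to type into a checker."""
    keyspace = charset_size(password) ** len(password)
    return keyspace / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def dictionary_years(word_count: int,
                     dictionary_size: int = DEFAULT_DICTIONARY_SIZE) -> float:
    """Years to exhaust a word-level keyspace: an attacker who assumes the
    passphrase is a sequence of common words guesses word combinations,
    not individual characters, so the keyspace is dictionary_size**words."""
    keyspace = dictionary_size ** word_count
    return keyspace / GUESSES_PER_SECOND / SECONDS_PER_YEAR


def compare(passphrase: str,
            dictionary_size: int = DEFAULT_DICTIONARY_SIZE) -> dict:
    """Character-level versus word-level estimate for a space-separated passphrase."""
    words = passphrase.split()
    return {
        "char_level_years": brute_force_years(passphrase),
        "word_level_years": dictionary_years(len(words), dictionary_size),
    }


if __name__ == "__main__":
    # Constructed sample passphrase (a well-known example format, not a real secret).
    for key, years in compare("correct horse battery staple").items():
        print(f"{key}: {years:.3g}")
```

The word-level figure is the one to trust when the words come from an ordinary vocabulary; the character-level figure only holds if the characters are genuinely random.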