For now it looks to me that offline attacks aren’t possible.
However, we need to know all vectors for “online” accounts, their timeouts, how much these can be parallelized (run
su automated in different thousands of terminal-emulator tabs).
For usability a FED-quality password for root authentication is infeasible indeed. If we can answer this question and/or
exclude offline attacks, and increase difficulty for “online” attacks by increasing timeouts, there could even be secure relatively short linux user account passwords. If we could delay authentication attempts to being only possible once per X seconds, passwords might become short enough to have ok usability.
Configuring timeouts for “online” attempts requires root, which we assume the compromised user account does not yet have.
dir? /etc/shadow (contains passwords) isn’t encrypted but can only be accessed by root due to access rights.