@kurtseifried I'd take the current required brute-force strength of symmetric ciphers as a baseline (e.g. NIST recommendations). And yes, I would consider the number of targets to avoid collisions.
Also, a major factor to consider are server-side mitigations (lock-out, throttling, etc.), but those can fail more easily.