Actually if you are anonymous it doesn't matter if you have a password at all, GPG will still offer you protection. A 4,096 bit key is the same size regardless of the password used to decrypt it . Your password is to protect your encryption key not to protect your encrypted messages. Those are decrypted with a session key. Which is decrypted with your encryption key. Which is decrypted with your passphrase as the key.