If the "rules" say that a minimum password length must be at least 8 characters. True. I don't as a possible hacker, have to try any of the combinations with less characters than that. That eliminates many combinations and most folks will try to get a password that "just meets the requirements" - so I would focus on 8 character passwords.

There is no "best solution" for this.