March
22nd,
2004
I came across an interesting article on nist.gov which goes into some details on the strength of various passwords in bits of entropy per character, amongst other things. One point that interested me was that in most of the projections the marginal gain in entropy decreased as the password length increased, so going from say 4 characters to 5 characters would gain you more entropy than going from 29 to 30.
Of course that assumes you're not using totally random strings for passwords, but then who does that (apart from people with extremely good memories of course....!)