Here is a nice post on password strength.
The difference made by the number of characters to the time it would take to crack a password is truly amazing.
No further comment!
Addendum or another comment at Wednesday, September 01, 2010, 8:45 PM: It has been pointed out to me by a friend (who is flattering me by reading my posts) that I "misstate" the point of the blog post I am linking to: The times it takes to crack a password comes from a LifeHacker article that this post is disputing. I am not sure that I misstate the point of the blog entry because I don't say anything about what its point is.
The the blog post does not raise any doubts about the mathematics on which the the time estimates are based. Perhaps the mathematical ratio by which the times increase is simple-minded, but "all the duration ratios in the table make sense." That's what interested me.
The post does raise doubts, however, about how this applies to actual cracking programs (the ratios don't "explain how password cracking programs actually work.") Depending on what algorithms a cracking program uses, even a shorter password might take longer to crack than the table predicts, etc. So, there are questions "which are a hell of a lot more interesting than raising 26 to a variety of powers." Agreed!
In so far as I did not get into any of this, I may be said to have misled the reader who did not go and read the blog entry I referenced. Mea culpa ...