George Ou pointed out a few days ago that a good key could be seven characters long:
He argues that there’s sufficient entropy with just seven characters
with A-Z, a-z, and 0-9—although WPA passphrases must be at least eight
characters long. He also omits punctuation, which would add more fuzz
into the system for those trying to crack keys.
His approach is fundamentally consistent with Robert Moskowitz’s much linked-to paper on key weaknesses in WPA passphrase choice.
In that Nov. 2003 paper, Moskowitz notes that dictionary-based short
passphrases have a high degree of weakness, but that random values
could be as short as 96 bits (which could be represented as 12 hex
characters) and still be resistant to brute force attacks.
From Wi-Fi Networking News.