In that case, since a human would have to enter it, I'd stick with 6-to-10 alphanumerics only, but run it past cracklib to make sure it's not trivially brute-forceable, and also have some mechanism to ensure that it gets changed on first use.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.