Thanks, Dave. Very interesting. How about: A random string is the hardest password to guess. In that sense a random string is optimal. But use of * or ! in the shadow file does not provide a password so that is optimal when you don't need a password. I had seen those asterisks and double-bangs !! in the shadow file for years and never knew what that was about. Before that they used to be in /etc/password. Remember that? There wasn't always a shadow file and the encrypted passwords used to be readable by all! Mike