George Ou pointed out a few days ago that a good key could be seven characters long. He argues that seven characters drawn from A-Z, a-z, and 0-9 provide sufficient entropy, although WPA passphrases must be at least eight characters long. He also omits punctuation, which would add more fuzz into the system for those trying to crack keys.
His approach is fundamentally consistent with Robert Moskowitz's much-linked-to paper on key weaknesses in WPA passphrase choice. In that Nov. 2003 paper, Moskowitz notes that short, dictionary-based passphrases have a high degree of weakness, but that random values could be as short as 96 bits (which could be represented as 12 hex characters) and still be resistant to brute-force attacks.
96 bits cannot be represented by six hex characters... One hex character (0-9A-F) is 4 bits, so 96 bits would be 24 hex characters or 12 bytes.
A 7-character string using only A-Za-z0-9 is the equivalent of about 42 bits.
Jacques.
[Editor's note: will fix in the main post -- thanks for the catch.--gf]
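The entropy arithmetic discussed in the post and the comment above, as an added example that is not part of the original post or its comments: it computes the entropy of a uniformly random string over a given alphabet, finds the shortest length that reaches a target such as 96 bits, and generates a passphrase inside WPA's length limits. The function and alphabet names are this example's own, and the 63-character upper limit comes from the WPA passphrase format rather than from the page.

```python
import math
import secrets
import string

# WPA-PSK passphrase length limits (the post states the minimum of 8;
# the maximum of 63 is an assumption added by this example).
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63

ALPHABETS = {
    "hex": "0123456789ABCDEF",
    "alnum": string.ascii_letters + string.digits,  # A-Z, a-z, 0-9
    "alnum+punct": string.ascii_letters + string.digits + string.punctuation,
}


def entropy_bits(length, alphabet):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def min_length(target_bits, alphabet):
    """Fewest random characters whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(len(set(alphabet))))


def generate_passphrase(target_bits, alphabet):
    """Random passphrase with at least target_bits of entropy that also
    satisfies the WPA length limits. Uses the OS CSPRNG via `secrets`."""
    n = max(min_length(target_bits, alphabet), WPA_MIN_LEN)
    if n > WPA_MAX_LEN:
        raise ValueError("target entropy does not fit in a WPA passphrase")
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    print("7 alnum chars: %.1f bits" % entropy_bits(7, ALPHABETS["alnum"]))
    for name, alphabet in ALPHABETS.items():
        n = min_length(96, alphabet)
        print("%-12s %2d chars for 96 bits, e.g. %s"
              % (name, n, generate_passphrase(96, alphabet)))
```

These figures hold only for characters chosen uniformly at random; a passphrase built from dictionary words has far less entropy than its length suggests.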