>If the OP is unable to generate a strong secret on its own, How is the strength of a secret to be evaluated, and by whom? Will developers need to plug-in their own evaluation criteria if they are unsatisfied with what comes bundled into a library? -Shade