Re: Not really correct
"it is possible to brute force a collection of hashes and you will usually get some useful results."
And this is where things go pearshaped.
The first time we ran "crack" against our password file, a large number of passwords such as '{username}', 'password' and 'letmein' fell out within seconds.
Yes, users really are that stupid, as well as believing that numeric swaps such as 0/o, 4/a, 3/e, 1/i make them more secure.