12-22-2016, 04:13 PM
Its not "better" than using rules, its meant to be used in dictionary and combination attacks in addition to using rules. First you run the dictionary in all lowercase. Then with the first letter capitalized. Then you try adding names, dates, ect. The idea is to try the most likely passwords first before resorting to bruteforce attacks or massive wordlists.
There once was a study done on the most frequently used passwords. There was a list of about 10,000 common passwords that would crack about 70% of all hashes from common users.
There once was a study done on the most frequently used passwords. There was a list of about 10,000 common passwords that would crack about 70% of all hashes from common users.