Can you please provide some examples of password candidates that would follow your policy?
is it x times letters and y times digit?
how long is the password
It is also worth analyzing if this is feasible at all.
The algorithm used by IOS 11 is quite slow, therefore it is very important to come up with a good strategy and see if it doable at all.
Since it is a slow algorithm (and you can't really run a very large amount of password candidates, because that would be infeasible), it doesn't make much difference if you generate a word list or use -a 3 (note: for fast hashes you always should prefer -a 3 in general... also - but not most importantly - to save disk space) ... but you still need to generate the password candidates wisely and e.g. priorize the ones that are more likely etc.
6 numbers + 15 letters = 21 different characters ... if you are sure that e.g. only letters are at the beginning of the password candidates and the digits only at the end, this would already reduce the keyspace by a lot. If the different characters are positioned randomly (and there are no further restrictions) and the password length is > 7, it might quickly become infeasible even with a large rig of GPUs.
Note: you could also play with -a 3 and --stdout to see (and generate) some password candidates.
is it x times letters and y times digit?
how long is the password
It is also worth analyzing if this is feasible at all.
The algorithm used by IOS 11 is quite slow, therefore it is very important to come up with a good strategy and see if it doable at all.
Since it is a slow algorithm (and you can't really run a very large amount of password candidates, because that would be infeasible), it doesn't make much difference if you generate a word list or use -a 3 (note: for fast hashes you always should prefer -a 3 in general... also - but not most importantly - to save disk space) ... but you still need to generate the password candidates wisely and e.g. priorize the ones that are more likely etc.
6 numbers + 15 letters = 21 different characters ... if you are sure that e.g. only letters are at the beginning of the password candidates and the digits only at the end, this would already reduce the keyspace by a lot. If the different characters are positioned randomly (and there are no further restrictions) and the password length is > 7, it might quickly become infeasible even with a large rig of GPUs.
Note: you could also play with -a 3 and --stdout to see (and generate) some password candidates.