by ozim 2758 days ago
Imagine you got a database with 100k passwords to crack. You want to crack as many passwords as possible in the shortest time. You don't have time to go full brute force, and you don't even know what the length of the passwords was.

So first you get all the dumb single passwords from a dictionary (love, hate, fuck, password). If you have a cracking rig or some beefed-up server, you will go through 100k passwords and all single words, starting with the commonly used ones, very quickly (sorry, but the math I leave for others). Even though the hash algorithm works on characters, you just make hashes from dictionary words and compare them to the hash. You can go even further and have a list of stupid words already hashed, so now you just need to compare prepared hashes (google rainbow tables), a nice optimization. Then you can have an improved dictionary with l33t sp33k.

Let's say you get 10% of passwords this way from 100k.

Now you see other people have stronger passwords, so, still instead of going random, you generate combinations of 2 words and run them through the database; then you can go with combinations of 3 words. This will, let's say, get you another 20% of passwords.

There are many other optimizations you can come up with. Passwords that you did not crack you just leave; you don't have incentives to run 12-character full brute force combinations. You have to get passwords as soon as you have them and start credential stuffing everywhere to get as much as you can. It is not some fun and games to crack your schoolmate's password to post "I am stupid" on his wall.
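
The stages described in the comment above, turned into a password-acceptance check a signup form could run (an added example, not part of the original comment). The wordlist is a small constructed sample and the function names are hypothetical; the check reports which stage (single word, l33t variant, or a 2 to 3 word combination) would recover a candidate password.

```python
"""Defender-side check: would a password fall to the staged attack described above?"""

# Constructed sample wordlist (assumption); a real deployment loads a large common-password list.
WORDS = {"love", "hate", "password", "correct", "horse", "battery", "staple", "monkey"}

# Common leet-speak substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MAX_WORDS = 3  # the comment stops at 3-word combinations


def min_words(text, words):
    """Smallest number of dictionary words that concatenate to text, or None."""
    best = [None] * (len(text) + 1)
    best[0] = 0
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in words:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[len(text)]


def cracking_stage(password, words=WORDS):
    """Return the stage that would recover the password, or None if it survives all."""
    plain = password.lower()
    for label, candidate in (("", plain), ("leet ", plain.translate(LEET))):
        count = min_words(candidate, words)
        if count and count <= MAX_WORDS:
            kind = "dictionary word" if count == 1 else f"{count}-word combination"
            return label + kind
    return None


def accept(password):
    """Policy decision for a signup or password-change form."""
    return cracking_stage(password) is None
```

A `None` result only means the password is outside these stages; length and breach-list checks are separate.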