[mistrial9]

the Oxford English dictionary has +200,000 words. Split the difference between your 5000 and that 200,000 and call it 100,000 word possibilities eliminating the 1,2 or three letter ones, case-sensitive with your own case rule .. (capital-S in the middle is fair).

each word, of say at least four characters.. with a "simple substitution of a letter with a number" .. which number? 10x per substitution..

add one or two special characters.. how many special characters are there? lets say numerals plus at least 16 more (counts key caps).. one or two adds means .. up to (10+16) squared more combinations

two words.. square that again? what am I missing? a brute force attack on that many combinations better include the right set of special characters.. because you will never match if you do not have the right set of characters in your brute force, right?

now, "10,000 hashes per second under these conditions" means you have hashed the guess, and compare to the hashed stored answer.. sure that is fast.. maybe you can do it, but did you say that you have a copy of the database and can run constant, undetected brute force in private for "forever" ? is that common? specific answers welcome