Process of elimination restricts character and symbol sets, generally, narrowing your set of possible combinations greatly.
The best way to crack a password isn't to brute-force it first, it's to first analyze who made the password, and the password system, to narrow down all possibilities before you try brute-forcing.
Example; if a person is American, you can pretty much assume they're restricted to the typical US keyboard and its symbols, for 90+% of the population. Very few people know of ALT codes or unicode or even the character map, even in IT. That narrows your symbol subset down dramatically. System for passwords truncates after 12 characters, has a minimum of 8? You already know you don't need to try doing anything with more than 12 characters, and you can limit your password cracking to starting with 8 characters and ignore anything with fewer than that. That eliminates a whole slew of brute-forcing that is required, as you've now narrowed down the password range.
All it takes is a little thinking. Man can make it, man can break it, there is simply no exception.
I believe the poster upthread already considered only restricted characters (upper + lower + digits), so the difficulty they stated is what remains after your analysis.
> Man can make it, man can break it, there is simply no exception.
You got an example of anything man has made that man has not broken?
"I believe the poster upthread already considered only restricted characters (upper + lower + digits), so the difficulty they stated is what remains after your analysis."
No it's not, because they didn't think of things like password truncation (which my bank annoyingly does) and various other things.
I tested it. It took me almost an hour to crack my chosen mixed-character + symbol 15 character password with a GTX970 implementing the few rules I stated above. Howsecureismypassword.net says it would take a computer 16 BILLION years to crack.
