Received an email today with some corrected information...
Greetings Gil,

My name is Joe Grajewski and I am President of Mandylion Labs. I want to thank you for referencing our web site in your recent entry on passwords. I saw quite a number of folks visit our web site from the link you made and I traced it back.

By the way, you were pretty accurate and straightforward in your description of the speed of brute force calculators, with one exception. Unless the password is made by a purely random password generator that gives each character in the password a 1 in 94 chance of being selected, users should enter the number of each of the character sets into the calculator rather than put, let's say, 8 in the purely random row -- This is due to the fact that the cracking software searches keyspaces that, although you may feel you made it up at total random, they apply some intelligence in their search and are able to predict "humanly generated" passwords slightly faster than a purely random one -- an example is that the hacking software always assumes (before it gets into raw brute force mode) that humans have a tendency to put the special characters and numbers at the ends of the password or in the dead middle - and therefore leave to "later" in the search looking for special characters in the 3rd, 4th and 6th position -- which doesn't seem like much but cuts the heck out of the search -- it's now looking (in an 8 character password) for 94*94*52*52*94*94*94*94 as well as other tricks like doing first all the lower case up to the last 3 characters -- again they know they may wind up searching the entire population until they get a hit - so why not search the most probable first --
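
The keyspace arithmetic from the email above, as an added example for estimating password strength; it is not part of the original post and is not Mandylion's calculator. The mask letters and the sample password `Summer1!` are constructed for illustration, and the split of the 94 printable characters into 26 + 26 + 10 + 32 is assumed.

```python
import math
import string

# Alphabet size per mask symbol (this mask notation is the example's own).
SIZES = {
    "l": 26,                       # lowercase letter
    "u": 26,                       # uppercase letter
    "d": 10,                       # digit
    "s": len(string.punctuation),  # 32 printable symbols
    "L": 52,                       # any letter
    "A": 94,                       # any printable character
}

def keyspace(mask):
    """Candidates covered by a search restricted to this per-position mask."""
    return math.prod(SIZES[c] for c in mask)

def bits_lost(mask):
    """Bits of entropy given up versus a purely random password of equal length."""
    return math.log2(keyspace("A" * len(mask))) - math.log2(keyspace(mask))

def mask_for(password):
    """Tightest mask matching a password: the best case for a pattern-aware search."""
    classes = (("l", string.ascii_lowercase), ("u", string.ascii_uppercase),
               ("d", string.digits), ("s", string.punctuation))
    out = []
    for ch in password:
        for symbol, alphabet in classes:
            if ch in alphabet:
                out.append(symbol)
                break
        else:
            raise ValueError(f"character outside the 94 printable set: {ch!r}")
    return "".join(out)

if __name__ == "__main__":
    samples = {
        "purely random, 8 chars": "A" * 8,
        "email's product (letters in positions 3 and 4)": "AALLAAAA",
        "all lowercase up to the last 3 characters": "lllllAAA",
        "constructed password Summer1!": mask_for("Summer1!"),
    }
    for label, mask in samples.items():
        print(f"{label:48} {mask}  {keyspace(mask):>22,}  -{bits_lost(mask):5.2f} bits")
```
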