All of which demonstrates the importance of requiring longer passwords. Also, keep in mind that these are maximum times required to crack a password and not the average times.
The average time to crack will just be half of the maximum, so it's not a big difference (compared to order of magnitude errors, anyway). Still good to point out, though.
I would guess that the letter frequency, digram and trigram frequencies etc are quite skewed compared to random. Just by taking that into account, you would crack an average password much faster than you suggest by trying the most likely passwords first. There are plenty of already cracked passwords to draw statistics from.
That in addition to traditional dictionary attacks.
That's a good idea if the password was human-generated. With computer-generated random passwords, like gH8r;2CpyyK!a, you might want to optimize differently.
- 6 chars: 1.2 seconds
All of which demonstrates the importance of requiring longer passwords. Also, keep in mind that these are maximum times required to crack a password and not the average times.