Could someone please explain the current strategies of brute-force password crackers these days? I presume that huge dictionaries of existing passwords, words, phrases, etc., + brute force alphabetic enumeration in order of probability?