Looks like a distant relative of the American Fuzzy Lop.<p>I remember the go-go years of the early 1990s, when shadow passwords weren't the norm and cracking was easy.<p>Back then I'd consistently find machines in academic environments had a password same as username or an empty password. In fact, in non-technical areas, this could be the account of the "person in charge". I'd see 50% as many with a password involving things seen in the /etc/passwd line and then maybe 10% as many of that by running a word list I got out of PHRACK.
Interesting. I am new to the world of password guessing. Is there any significant benefit of using this attack vector? Is use of personal data alone able to offer a remarkable advantage?