Take into account dictionary attacks

[ravisorg]

Try and detect when the user is basing their password off a word (or multiple words) and then calculate brute force time based on that knowledge. Include common things like l33t spelling replacements, mixed case, etc.

[gh-o-st]

I actually have the l337 speak replacements built into a project I created from forking this. If you'd like to use that portion of it in your project, it's the least I could do since your project was what inspired me to create it in the first place.

https://github.com/UberNerdBoy/Brutus/blob/master/Brutus.class.php