
The topic assumes some knowledge of genetic algorithms as well as password hashing.

You can look at the section "How it work" on my GitHub page for some diagrams and a decently lengthy description.

In simple words: Each organism is a password (a string). Passwords can mix (have sex) with each other in novel ways to produce offspring. If the offspring (a mix of the parents) also matches a password, it is added to the list of organisms. Older organisms eventually die, so it is up to the offspring to keep producing offspring in order to preserve the genetic line. The result of this simulation is that high impact substrings like "love", "luv", "mother" and "fuck" stay for a very long time in the gene pool, since any organism that consists of at least one of them will have a better chance to produce a child that is a password (viable offspring).

If you still don't understand, feel free to ask more questions.




Even simpler, it:

1. Finds the substrings that are popular in passwords.

2. Combines them to make likely passwords that haven't been tried yet.

3. Rinse and repeat

Useful against noob passwords - of which there are many in the wild - and more effective for some applications than the usual dictionary search.

But ineffective against randomised strings like KPF27k5ANv791P2Yi88xd88D7iALX3kH, or against XKCD random word salad passwords like QuantumGerundApoptosis as long as they include at least one unusual word.


Yes, it is completely useless against random strings as one would expect, but with word salad it is not completely useless. For example, it can find words like "tequieromuchogerald" and "paulaalejandrailove" easily enough. I haven't fully explored its ability to do this, but I suspect starting with a dictionary of words instead of a random population might aid it in finding XKCD-like random passwords. In general I don't disagree though, passphrases if chosen correctly can be completely intractable to a password cracker.


It might be interesting to use the word frequency of the target language as some sort of weight for each word, or maybe as a multiplier for the number of times that word will get pushed to the back of the queue, i.e. the words with the most frequency get to be repeated more than 1 time when pushed to the back, or something like that.


I see what you are saying. To some extent this is already true, since high frequency ngrams (substrings) already dominate the gene pool if they happen to facilitate the production of a large amount of viable offspring. That is why you would see swearwords with high frequency, since that is what many people use for passwords (in the case of the myspace list).
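
A defender-side view of the point made in this thread, as an added example that is not part of any commenter's post or of the linked project: a password-policy check that measures how much of a candidate password can be assembled from substrings common in a corpus. The corpus below is constructed sample data, and the function names, fragment lengths and the 0.8 threshold are assumptions.

```python
from collections import Counter

# Constructed sample standing in for a leaked-password corpus (not real data).
SAMPLE_CORPUS = [
    "iloveyou", "loveme123", "mylove", "lovemother", "mother1",
    "luvmother", "luvyou", "motherlove", "iluvyou", "love4ever",
]

def common_fragments(corpus, min_len=3, max_len=6, min_count=3):
    """Substrings that occur in at least min_count distinct passwords."""
    counts = Counter()
    for pw in corpus:
        seen = set()
        for n in range(min_len, max_len + 1):
            for i in range(len(pw) - n + 1):
                seen.add(pw[i:i + n])
        counts.update(seen)  # each substring counted once per password
    return {s for s, c in counts.items() if c >= min_count}

def fragment_coverage(candidate, fragments):
    """Fraction of characters coverable by non-overlapping common fragments."""
    n = len(candidate)
    if n == 0:
        return 0.0
    best = [0] * (n + 1)  # best[i] = max covered chars within candidate[:i]
    for i in range(1, n + 1):
        best[i] = best[i - 1]  # option: leave character i-1 uncovered
        for frag in fragments:
            k = len(frag)
            if k <= i and candidate[i - k:i] == frag:
                best[i] = max(best[i], best[i - k] + k)
    return best[n] / n

def is_recombination_prone(candidate, fragments, threshold=0.8):
    """True when most of the password is built from popular substrings."""
    return fragment_coverage(candidate.lower(), fragments) >= threshold

if __name__ == "__main__":
    frags = common_fragments(SAMPLE_CORPUS)
    for pw in ["luvmotherlove", "QuantumGerundApoptosis",
               "KPF27k5ANv791P2Yi88xd88D7iALX3kH"]:
        print(pw, round(fragment_coverage(pw.lower(), frags), 2),
              is_recombination_prone(pw, frags))
```

In a real deployment the fragment set would be built from a large breached-password list, and a high coverage score would trigger a rejection at password-set time.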



