So to put in perspective how many passwords can be generated by a list of 1626 words in a 12 word combination, the number would be
341,543,870,028,173,427,817,970,975,906,355,941,376
or
341 undecillion
which can be broken down into
341 billion billion billion billion
Now for a look at the account address:
With a combination of 16 of 36 chars (numbers and alpha), the equation would look like this: 36^16
which looks like this in integer form
7,958,661,109,946,400,884,391,936
or
7 septillion
which can be broken down into
7 million billion billion
At first glance you may notice the first equation has a much higher output, which also may lead you to believe that there must be an overlap somewhere or not enough addresses for passphrases, but you'd be wrong.
You see there are only 7,483,400,959 people in the world. http://www.worldometers.info/world-population/
This means that each person on the planet today gets ~1,063,565,563,269,597 Accounts to themselves.
or
This means that each person on the planet today gets ~45,642,639,319,547,431,219,827,739,664 Passphrases to themselves.
This also showcases that the chance for replication is less than the chance of a new generated key by a factor of billions. This doesn't mean that it's impossible but more likely than not a simple check to make sure the account isn't in use is made.
As for what @jumper has said above: I have taken it upon myself to make an application that will brute force the local db. It only took 2 hours and I made it in C#.
I'm not sure of the sharing policy on the forums about releasing bruteforce apps to knock on the gates of Burstcoin's security, but the program will be posted on my github page.
Big thanks to http://www.wolframalpha.com/ for crunching these numbers, as normal computer programs can't handle the task due to insufficient numeric memory allocation.
@Miky GoTo: https://forums.burst-team.us/topic/3838/regarding-the-recent-theft-of-burst-accounts/11
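The two keyspaces from the post above, computed with exact integers and expressed as bits of entropy, together with the birthday-bound estimate of how likely it is that any two of n randomly generated accounts land on the same address. This is an added example, not part of the original post; the function names and the sample account counts are assumptions made for illustration.

```python
import math

# Figures taken from the post: 12 words drawn from a 1626-word list,
# and a 16-character address over a 36-symbol alphabet.
PASSPHRASE_SPACE = 1626 ** 12
ADDRESS_SPACE = 36 ** 16


def entropy_bits(space):
    """Bits needed to index every element of a keyspace of this size."""
    return math.log2(space)


def collision_probability(n, space):
    """Birthday bound: chance that at least two of n uniformly random
    picks from `space` values coincide, 1 - exp(-n(n-1) / (2*space)).
    expm1 keeps precision when the probability is extremely small."""
    return -math.expm1(-(n * (n - 1)) / (2 * space))


def picks_for_probability(p, space):
    """Approximate number of uniformly random picks at which the
    collision probability reaches p: sqrt(2 * space * ln(1 / (1 - p)))."""
    return math.isqrt(int(2 * space * -math.log1p(-p)))


if __name__ == "__main__":
    print(f"passphrases: {PASSPHRASE_SPACE:,}")
    print(f"  = {entropy_bits(PASSPHRASE_SPACE):.2f} bits")
    print(f"addresses:   {ADDRESS_SPACE:,}")
    print(f"  = {entropy_bits(ADDRESS_SPACE):.2f} bits")

    # Constructed sample account counts, not figures from the post.
    for n in (10**6, 10**9, 10**12):
        p = collision_probability(n, ADDRESS_SPACE)
        print(f"{n:>16,} random accounts -> P(two share an address) = {p:.3e}")

    half = picks_for_probability(0.5, ADDRESS_SPACE)
    print(f"50% chance of some shared address at about {half:,} accounts")
```

The birthday bound covers accidental collisions between honestly generated accounts; it assumes every passphrase is drawn uniformly at random from the full word list.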