If you’re looking from a purely mathematical analysis perspective, you’re right.
The thing about newer password cracking tools is they have the ability to create heuristic matching rules. Consider for a moment the sheer amount of leaked data available. Then consider that most of the leaked data has already been cracked.
If you process a sufficiently large sample data set (e.g., millions of leaked passwords) you can discover common patterns relatively quickly. Combine that with frequency analysis to order them by weight and you have a complex – but completely feasible – platform for cracking passwords.
Check this out:
DEFCON 17: Cracking 400,000 Passwords, or How to Explain to Your Roommate why Power Bill is a High
Consider 11111111111111111. The pattern of repeating the same number many times is easily identifiable and will likely score a high weight in the pattern listing. Therefore, with modern cracking tools it would have a high likelihood of being cracked.
Relying on mathematical complexity alone assumes that password crackers are incapable of developing effective strategies to divide and conquer.
We use machine learning algorithms to do pattern matching on images using large sample sets of images. 2D data is a hell of a lot more complex than string data. Is it really so hard to believe that you can train a computer to pattern match common password patterns when you feed it with a sufficiently large data set?
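The gap between length-based entropy and pattern-aware strength described in the comment above can be measured when auditing a password policy. The following is an added example, not part of the original comment: the sample list is constructed, and the function names, character-class sizes and the `max_len` bound are assumptions made for illustration.

```python
import math
from collections import Counter
from itertools import groupby

# Constructed sample standing in for a leaked-password corpus (not real data).
SAMPLE = ["password1", "summer2019", "dragon12", "monkey99", "letmein1",
          "11111111", "000000", "aaaaaa", "Qwerty123", "Hello2020",
          "x7#Lq!9v", "iloveyou2", "1111111111"]

# Assumed class sizes: lower, upper, digit, printable ASCII symbols.
CLASS_SIZE = {"l": 26, "u": 26, "d": 10, "s": 33}

def char_class(c):
    if c.islower(): return "l"
    if c.isupper(): return "u"
    if c.isdigit(): return "d"
    return "s"

def pattern(pw):
    """Reduce a password to its structure, e.g. 'summer2019' -> 'l6d4'."""
    if len(pw) > 1 and len(set(pw)) == 1:
        return "repeat-" + char_class(pw[0])  # one character repeated
    classes = [char_class(c) for c in pw]
    return "".join(f"{k}{len(list(g))}" for k, g in groupby(classes))

def rank_patterns(corpus):
    """Frequency analysis: patterns ordered by how often they occur."""
    return Counter(pattern(p) for p in corpus).most_common()

def naive_bits(pw):
    """Strength estimate from length and character set alone."""
    charset = sum(CLASS_SIZE[k] for k in {char_class(c) for c in pw})
    return len(pw) * math.log2(charset)

def pattern_bits(pw, max_len=32):
    """Strength estimate once the structure is assumed known."""
    p = pattern(pw)
    if p.startswith("repeat-"):
        # Only two unknowns remain: which character, and how many times.
        return math.log2(CLASS_SIZE[p[-1]] * max_len)
    return sum(math.log2(CLASS_SIZE[char_class(c)]) for c in pw)

if __name__ == "__main__":
    pw = "11111111111111111"
    print(rank_patterns(SAMPLE)[:3])
    print(f"{pw}: naive {naive_bits(pw):.1f} bits, "
          f"pattern-aware {pattern_bits(pw):.1f} bits")
```

For the 17-digit example from the comment, the length-based estimate is about 56 bits, while the pattern-aware estimate is about 8 bits.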