Instead of guessing passwords at random or using a simple dictionary, a PCFG model analyzes a training set of leaked passwords to learn the "grammar" of how people build them.

If Device A generates key $N_1 = p_1 \times q_1$ and Device B generates key $N_2 = p_1 \times q_2$ (sharing the prime $p_1$ due to a "broken" RNG), an attacker can compute the Greatest Common Divisor (GCD) of $N_1$ and $N_2$ to retrieve the shared prime $p_1$.

# On attacker machine nc -lvnp 4444