There are more than 5.000 words with 11 letters just in english.
Well, checking 5000 words whether they match a published SHA256 sum is matter of seconds (if you have good dictionary with these words):
I tried on my machine:
$openssl speed sha256
Doing sha256 for 3s on 16 size blocks: 7327569 sha256's in 3.00s
(so its more like 2500000 checks per second. Could be more if I'd use more threads, or I'd use some GPU sha256 cracker. Not sure if the bitcoin ASIC's can be used to crack plain sha256, but if yes, then with 400 GH/sec someone can go by bruteforcing it letter by letter, going from aaaaaaaaaas to zzzzzzzzzzs in only 6 minutes! - last letter was visible to be "S")
So if the password is a plain word in English or any other reasonable language, someone will guess it in less than a minute.
There are tons of good wordlists on the net, see for example at
http://wordlist.sourceforge.net/ - but on other sites there are many many wordlists, some of them meant for password cracking (those contains also commonly used gibberish words like "qwerty" and "123456"), some for spell checking (openoffice has spell-checking wordlists for almost all languages spoken on earth)
I guess I'd download bunch of them to have a chance on next one ... anybody knows about a good GPU sha256 cracker?
The pirate is much more difficult for bruteforcing like that - it consists of "2 to 3 words", possibly with capitalization and as it is either a person's or place's name, it is much less likely to be found in some dictionary. So that probably is same from bruteforcing like that, although if someone gets quite close to the solution by thinking (like somehow narrowing to a list of 1000 possible names), trying them all is matter of few milliseconds
You need to have more difficult solutions (like guessing a 20 characters phrase with hangman), otherwise I bet someone will guess the next one quickly again.
