The most common method is known as a dictionary attack. It is based on the knowledge that many users choose their passwords in a very predictable way. Often a user's password can be found in a dictionary or is the name of a close relative with small modifications, e.g., "Susan1" or "neme$i$". The attacker compiles a list of common names and words. For a given salt, the words in the list are hashed with the password scheme and compared with entries of the same salt in the password file. If there is a match, the plaintext password has been found.
Commonly, lists of likely passwords contain hundreds of thousands of words. A dictionary attack is only feasible when the one-way function can be computed quickly. Bcrypt's cost can be made as high as tolerable by legitimate users, rendering dictionary attacks impractically slow.
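The following is an added example, not code from the original text: it audits a constructed password file for guessable entries using the per-salt matching described above, and estimates how the time to test a full list grows with the cost. PBKDF2-HMAC-SHA256 with 2^cost iterations stands in for bcrypt; the function names, sample users, and the 500,000-word and 1,000-salt figures are assumptions.

```python
import hashlib
import hmac
import os
import time

def slow_hash(password: str, salt: bytes, cost: int) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 with 2**cost iterations stands in for
    # bcrypt here; it is not bcrypt, but its work also doubles per cost step.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1 << cost)

def audit(password_file, wordlist, cost):
    """Return {user: word} for entries whose password appears in wordlist."""
    by_salt = {}
    for user, salt, digest in password_file:
        by_salt.setdefault(salt, []).append((user, digest))
    weak = {}
    for salt, entries in by_salt.items():
        for word in wordlist:
            candidate = slow_hash(word, salt, cost)  # one hash per (salt, word)
            for user, digest in entries:
                if hmac.compare_digest(candidate, digest):
                    weak[user] = word
    return weak

def seconds_per_hash(cost, samples=3):
    # Average time of one hash at this cost, measured on this machine.
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        slow_hash(f"probe{i}", salt, cost)
    return (time.perf_counter() - start) / samples

def exhaust_seconds(per_hash, n_words, n_salts):
    """Every distinct salt forces the whole list to be hashed again."""
    return per_hash * n_words * n_salts

# Constructed sample data (hypothetical users, not from the original text).
COST = 6
SALT_A, SALT_B = os.urandom(16), os.urandom(16)
PASSWORD_FILE = [
    ("alice", SALT_A, slow_hash("Susan1", SALT_A, COST)),
    ("bob", SALT_B, slow_hash("Vq7#tR2m!xLp9zKd", SALT_B, COST)),
]
WORDLIST = ["password", "Susan", "Susan1", "neme$i$"]

if __name__ == "__main__":
    print("guessable:", audit(PASSWORD_FILE, WORDLIST, COST))
    for cost in (4, 8, 12, 16):
        total = exhaust_seconds(seconds_per_hash(cost), 500_000, 1_000)
        print(f"cost={cost:2d}: {total / 86400:10.1f} days for the full list")
```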