My ISP assigns passwords - with no option to make your own strings. They use a random combination of about six short-ish words. How effective is a brute force approach for guessing those?
Is this RFC2289? That, as written, uses six words from a dictionary of 2048 to represent six groups of 11 bits that encode a 64-bit number (with a bit of juggling to get 66 bits from 64).
If so, there are 2^66 possible different combinations of words, of which only 2^64 are actually used.
RFC2289 is quite old, now. It describes using MD4, MD5, or SHA-1 digest algorithms in a password generation function. Given the general weakness of passwords I would think that RFC2289 with SHA-1 would still be regarded as better than a user-chosen password, but one could update the algorithm to use a better hash function -- but then one would probably want to use more than 64 bits of the digest output, and so would end up with more than six words in the password.