Ok ~180,000 words in the English language, so there are 180,000^4 different variations: 1,049,760,000,000,000,000,000
That's a lot, but a lot of magnitudes less than needed to crack a normal Bitcoin address.
Furthermore you don't need to crack a specific Bitcoin address, if there are multiple people using it the chance to successfully steal Bitcoins increases.
Where am I wrong?
Well 180,000^4 = 2^70 Most passwords have far far far far less than 70 bits of entropy.
While it is harder than brute forcing a private key (which is impossible) it is beyond what is computationally feasible with any reasonable cost/time constraint.
The fact that multiple people might be using the same password doesn't matter in this case. We aren't talking about a brain wallet. The attacker would need a copy of the wallet.dat and attempt to brute force that wallet individually. The QT client uses a random 64 bit salt when hashing the passphrase which means there is no precomputation or shared attack possible. Each potential password has to be salted and check against a single wallet file (which the attacker needs to have access to first). The QT wallet also employs key strengthening by hashing the password many tens of thousands of times so instead of the attacker getting to use 1 hash = password attempt it is 56,000 hashes = 1 password attempt.
So putting that all together.
2^70 possible passwords.
Assume 2^16 hashes per password so 2^70 * 2^16 = 2^86 hashes needed
A high end GPU can attempt ~1B SHA-2 hashes a second.
2^86 / 1000^3 / 60 / 60 / 24 / 365 = 2,453,426,321 GPU years. So if you had 1 billion GPUs you would have a 50% chance of brute forcing a single password on a single wallet in a year.
For the record most people probably would use a smaller dictionary so to be safe I would use more words (an additional one or two words adds significant security while still being memorable) but even still it is probably more secure than 90% of the passwords people "think" are safe. That was the whole point of the cartoon. The complicated garbage password people try to come up with actually has very little entropy. A purely random password "h23j2hF@xl-hd$ij" has about 6.5 bits of entropy per symbol so to acheive 70 bits of entropy would require 11 char/smbols. In the real world most user's password that they think are strong have much much less entropy. NIST estimate is the average user select 8 digit password with upper, lower, number and symbols has about 18 bits of entropy.
http://en.wikipedia.org/wiki/Password_strengthDiceware is another example of a method to randomly pick a password by rolling dice and comparing it against a much smaller word list. The words are chosen to avoid words which may be hard to remember, have alternate spellings, may be mixed with other words, etc. Even with a much smaller word list diceware is ~12 bits of entropy per word. 6 or 7 words combined with random salt and key hardening is impossible to brute force.
http://world.std.com/~reinhold/diceware.html
