From MRL Wiki
In an exhaustive or brute force attack, the attacker tries all possible passwords, usually in some automated fashion.
In the case where all passwords are evenly distributed, on average the attacker must try only half of the password space. However, an intruder can also use to advantage the fact that passwords are not evenly distributed. Because a password has to be remembered, people tend to pick simple passwords.