Well, given a 6-character long password with a-z, A-Z, 0-9 and special characters (for argument's sake, we'll use those found above the numbers on a qwerty keyboard) you're looking at 139,314,069,504 possible combinations. That's over 4,000 years to crack @ 1/sec. Even a 5-character letters and numbers only password is 916,132,832 combinations and ~29 years to crack @ 1/sec.
I suppose you could get a group of computers all trying at the same time, but how many machines are you going to use to divide workload?
What is more probable is finding another way in; this is usually a SQL injection or a miss-check that allows you either direct or round-about access to the database so you can dump the (presumable) password hash or direct password. Then, it's a lot easier to have a look-up table or algorithm that breaks down the hash.
Answer aside, with regards to your comment:
I am merely trying to prove a point to someone who thinks that developing his own login script is better than implementing a package that has already covered these "hacking" prevention issues.
There's something to be said for writing your own; experience, triumph & trust (among others). Don't get me wrong, as a software guy I've learned to appreciate libraries others have written, but if I never wrote my own String class I don't think I would have as much appreciation for the data type (nor as much understanding about memory management). With that said, if this is a production environment I do agree with you and a "professional" library should probably be used.