I didn't count them, but the passwords at the start all had eight characters, yes? Even with a wide character set, I don't think it would necessarily take a thousand years to brute force them - a lot depends on the responsiveness of the target system and whether it locks out password attempts etc. A quick system with no real anti-intrustion measures - I reckon 8 character passwords would probably fall within a few months, especially if you deployed a network of attackers. (Divide and conquer.)
Google "rainbow tables". Illuminating.