Assuming the attacker knows it’s a phrase: The english language alone has some 800.000 words. 800.000^6 = 2*10^35 combinations in a dictionary attack. That’s comparable to 18 random ASCII characters. We might also be using a different language, or a combination of languages.

A long string of random characters will give you more combinations per password length, but there are some passwords you just need to be able to memorize, and I’d say that’s more likely with the 6 words.