Premise: Any attack on a password — whether online (login attempts) or offline (hash cracking) — will be designed so that the more likely a given password is, out of the space of all possible passwords, the less work is required to recover that password (unless a trivial amount of work is required to discover any possible password).
From (1), there exists a probability distribution of passwords.
Premise: There is a (practical) maximum length for passwords.
From (3), the set of possible passwords is finite.
From (2) and (4), there is a minimum probability in that distribution.
Use one of the passwords which has that minimum probability.
(There are at least two ways this doesn't work.)