WPA2 passwords can be either 0-63 character strings which will be converted to a 64-character hex key by the software, or can be specified as a 64-character hex key directly. Since the keyspace to guess a 64-character hex key is 2^256 choices long, the attacker is going to spend a very, very long time trying to guess the password.
My recommendation has always been that people that want the ultimate security use random keys pulled from /dev/random and converted to a hexadecimal number. That key should then be input using the hex key option. While they are at it, they should also turn off WEP and WPA1, turn off TKIP and only allow WPA2 with CCMP. That will give the crackers something hard to chew on.