The message below is from the site http://www.jgen.ws/jlog/keepass/cracking-keepass/.  I just wanted to post it because I have been using KeePass for some time now and am asked questions similar to this all the time.  Version 2.19 has recently been released.  Enjoy reading and thank you JLog for the article.

For the past couple of months, at least 30 people have been showing up at JLog every week asking how to crack KeePass. I don’t know if you’re wondering if it’s possible or if you’re hoping I can tell you how to do it.

So, for the 30 who will be showing up every week forevermore if this present rhythm continues, I will tell you everything I know.

The whole purpose of KeePass is that it cannot be cracked.  Nevertheless, it can’t be better than your password.  If someone can get your master password they can have access to your database.

Other than that, according to their documentation, and I quote, “the sun will go nova before you have decrypted the database”.  The master password and the database contents are encrypted with an algorithm similar to what’s used in banks.  Your password is encrypted while KeePass is running.  Clipboard contents are set by default to clear in 10 seconds.  There are no leftover software bits around your computer that anyone could use to break in.  It’s Fort Knox, Stonehenge and the Great Wall of China rolled into one. There is no back door in.  Either you have the password, or you don’t.

Pick a good master password.  At least 12 mixed characters: upper-case, lower-case and numbers.  If you want to be even more secure, throw in a few symbols off the top row of your keyboard.  Be as obscure as possible.  In other words, make up a phrase; don’t just pick keys in order off the keyboard or a single word that can be found in a dictionary.
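The rules in the paragraph above, written as a checker that can be run on a candidate master password before it is adopted. This is an added example, not code from the article or from KeePass; the QWERTY rows, the run threshold of 4 and the small word list are assumptions made for illustration, and the bit count is only an upper bound on brute-force work.

```python
import math
import string

# Assumptions of this sketch, not taken from the article: US QWERTY rows and a
# tiny constructed word list standing in for a real dictionary.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
SAMPLE_WORDS = {"password", "keepass", "dragon", "letmein", "sunshine"}
MIN_LENGTH, MAX_RUN = 12, 4  # 12 is the article's minimum; 4 is assumed


def longest_keyboard_run(pw):
    """Longest stretch of pw typed along one key row, in either direction."""
    lowered, best = pw.lower(), 0
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for start in range(len(seq)):
                for end in range(start + best + 1, len(seq) + 1):
                    if seq[start:end] in lowered:
                        best = end - start
    return best


def search_space_bits(pw):
    """Upper bound on brute-force work: length * log2(pool of classes used)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def check_master_password(pw):
    """Return the rules from the article that pw breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, cls in (("upper-case letter", string.ascii_uppercase),
                      ("lower-case letter", string.ascii_lowercase),
                      ("number", string.digits)):
        if not any(c in cls for c in pw):
            problems.append("no " + name)
    if longest_keyboard_run(pw) >= MAX_RUN:
        problems.append("keys in keyboard order")
    if pw.lower().strip(string.digits + string.punctuation) in SAMPLE_WORDS:
        problems.append("single dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ("qwertyuiop12", "Password1234", "Tr4in-Moss-Kettle9"):  # constructed
        print(sample, round(search_space_bits(sample)), check_master_password(sample))
```

"Password1234" meets the length and character-class rules yet still fails on the keyboard run and the dictionary word, which is why the class-based bit count overstates the strength of patterned passwords.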

The only place I wrote down my master password is amongst my legal papers, in case of my accelerated decline or sudden demise.  No-one in my house is interested in finding it.  I don’t carry it around out of the house anywhere except in my mind.

The only other place I keep the master password is in a portable clipboard extender on a thumb-drive so I can paste it from there into KeePass on my C-drive and not have to type it in every time.  This is for use only at home.  Copy and paste is safer than typing in case of keyloggers.  (I’m not an expert in this field but I think.)

You can change your master password anytime by clicking ‘Change Master Key’ in the File menu.

If you’re still not satisfied you can also make a key-file to work instead of or in combination with your master password. A key-file is a random block of text that you create by clicking your keyboard or moving your mouse around randomly.  It produces a paragraph of characters that you couldn’t memorize in 20 years, nor would you want to, so wherever you put it you’d better not lose it.

But, please be my guest, go read their documentation and put your mind at rest.  Honestly, I know nothing.