I currently use KeePass to store all of my passwords and am investigating using TrueCrypt to protect my data. As I was reading thorugh the documentation for both KeePass and TrueCrypt, I had a question: Aren't these encryption tools only as safe as the master password you use to unlock them? For example, the documentation for KeePass says the following: KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). Isn't the weak point always going to be the master password used to secure the encrypted database, and not the encryption itself? Why should it matter what encryption the database uses if a hacker can just crack the master password protecting it using brute force or some other method? In other words, what is the encryption really protecting me from? It seems a non-encrypted database with a strong password would be much more secure than an encrypted database with a weak password, provided of course that the data in the non encrypted database wasn't stored in plain text format, otherwise the hacker could just open the database in a hex editing utility and access the protected data that way. What am I missing here?