All the replies have given random statistics, but these don't shed much light on the length of time it may take an attacker to brute-force a password, or find a chink in the armor of the vault's encryption algorithm.
Now as I said, a significant threat actor with lots of time in their future plans can collect encrypted stuff such as vaults and bide their time. Someday, the decryption may be cost-effectively cheap. Someday, a flaw may be uncovered in the cryptography. Someday, a vault owner's secret key(s) may leak and can be correlated.
As I said, it's just a question of time, and the ability to hold on to your cards for long enough that they can be played in the proper manner. It may take 5 years, 10 or 20, but if the payoff is valuable enough, it's worth the wait for the threat actor.
