Sure they can, but as long as you picked a secure password it ought to take them long enough to make it impossible, in practical terms. Nobody is gonna spend years trying to break the encrypted database of some random Internet user, especially when it might be five or five hundred years till you pop it, and you don’t know which until it’s done.