You have to assume, that attackers are economically reasonable. This holds true for both, the digital and the real world. If a bank vault is known to contain $100, no sane robber would even attempt to get into it, since his expenses for planning the robbery would exceed the loot.
So the real question is: How much is access to your data worth to the adversary? So you should choose your defensive means appropriately to make it economically unfeasible to attack you.
I have done the calculations in this thread (in German):
To summarize: Cracking even a fairly good password (12 random ASCII characters) protected by our key derivation function requires either millions of years on a single machine or millions of machines if the attack shall be successful within a single year. Buying the hardware (without using it) costs you billions of dollars. But it gets worse: Running the hardware costs you even more because you need a shitload of energy exceeding what the (at the time of writing this) largest power plant can produce.
That said, you should not use a 12 char password. Better use a nonsense pass-sentence. Length is way more important than complexity!