Security is RoboForm's top priority. When you install RoboForm, all decryption of your RoboForm data happens locally on your device and not on our servers. No RoboForm data can be accessed without the Master Password, and we have no way of knowing what your Master Password is because RoboForm does not transmit it to our servers.
To protect against dictionary, brute force, or other attacks, we use AES256 bit encryption with PBKDF2 SHA256, 4096 iterations. PBKDF2 is a key stretching algorithm used to hash passwords with a salt. We also require a minimum Master Password length of 8 characters, with a minimum of 4 nonnumeric characters.