So can others tell me who is correct here... pooya or bob?
We are both right.
pooya87 mentioned that (correctly implemented) encryption algorithms (which are 'accepted' in the crypto scene) are unbreakable if the password is strong enough.
I was refering to the option to infect your PC to log the password the next time you decrypt/access your encrypted file.
Those are 2 completely different attacking methods.
Okay well if someone put malware on your computer, could they open up keepass and electrum or not if you have a very tough password.
They could not just open it instantly (unless there is a 0-day exploit, noone is aware of).
But they could to safe the password the next time you login.
Or even easier. They could (the next time you open electrum with your very tough password) simply move all your funds to their addresses.
An attacker doesn't always have to break an encryption. He can easily wait until you use the software (unencrypt your wallet) to steal your funds.
The other thing is what if you then open electrum on another computer then but not the one they infected or possibly infected. Then you are safe there right?
If the PC is not infected, you are safe.
But if you open electrum on your computer which might be compromised, then there will be problems since they could just put a keylogger and the moment you open electrum on the computer, then you have problems right?
The moment you open electrum an attacker can instantly steal your funds.
But he can also 'just' install a keylogger and log your password, yes.
So basically if you believe your computer is compromised, just no longer use that computer anymore and try to open keepass and electrum in a safe computer?
Yes. If not, you are running a big risk of your confidential data getting stolen.
After an infection you should completely(!) wipe your drive and install a fresh OS.