Abstract

Password vaults are increasingly popular applications that store multiple passwords encrypted under a single master password that the user memorizes. This promises to greatly reduce the burden on users to remember passwords, but introduces a single point of failure. An attacker who obtains a user's encrypted vault can mount offline brute-force attacks and, if successful, compromise all of the user's passwords in the vault. In this paper, we investigate building encrypted vaults that resist such cracking attacks, forcing attackers to move to an online attack. Our contributions are the following. We give an attack and supporting analysis showing that a previous design for cracking-resistant vaults actually degrades security relative to conventional password-based approaches. This was the only previous attempt we are aware of, and so we explore new approaches. In particular, we introduce a new type of secure encoding scheme that we call natural-language encoders (NLEs). These support building vaults that, when decrypted with the wrong master password, produce plausible-looking decoy passwords. We show how to build NLEs using existing tools from natural-language processing, such as $n$-gram models and probabilistic context-free grammars, and evaluate their ability to provide plausible decoys. Finally, we design a full cracking-resistant vault system, called NoCrack. It combines our best NLE scheme with a number of other mechanisms. We report on an initial implementation and evaluation of the system.
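The decoy property described in the abstract rests on an encoder whose decode() maps every bit string to a plausible password, so that decrypting under a wrong master password yields a decoy rather than garbage. The following is an added illustration, not code from the paper or from NoCrack: a toy character-bigram NLE built in the "inverse sampling" style, where each character is encoded as a uniformly random integer drawn from the sub-interval that the model assigns to that character given the previous one. The training set, the salt, the master passwords, the 32-bit symbol width and the SHA-256 counter-mode keystream are all constructed stand-ins (a real vault would use a slow KDF and an authenticated-free cipher mode, and NoCrack's own encoders and vault format differ from this sketch).

```python
import hashlib
import random
from collections import defaultdict

# Constructed stand-in for a leaked-password training corpus.
TRAINING = ["password1", "letmein", "sunshine", "dragon123",
            "qwerty", "iloveyou", "monkey7", "football"]
END = "\0"      # end-of-password symbol
WIDTH = 32      # bits of seed per encoded symbol
MAX_LEN = 32    # fixed symbol count, so seed length reveals nothing about the password


class BigramNLE:
    """Toy natural-language encoder over a smoothed character-bigram model.
    encode() maps a password to a seed that is uniform over all seeds decoding
    to it; decode() maps *any* seed to a password drawn from the model."""

    def __init__(self, corpus, alpha=0.5):
        chars = sorted(set("".join(corpus)))
        self.alphabet = chars + [END]
        counts = defaultdict(lambda: defaultdict(float))
        for pw in corpus:
            prev = ""
            for ch in pw + END:
                counts[prev][ch] += 1
                prev = ch
        # Per-context cumulative table: symbol -> integer interval in [0, 2**WIDTH).
        # Add-alpha smoothing keeps every interval non-empty.
        self.cdf = {}
        for ctx in [""] + chars:
            total = sum(counts[ctx].values()) + alpha * len(self.alphabet)
            lo, table = 0, []
            for sym in self.alphabet:
                p = (counts[ctx][sym] + alpha) / total
                hi = lo + int(p * (1 << WIDTH))
                table.append((sym, lo, hi))
                lo = hi
            table[-1] = (table[-1][0], table[-1][1], 1 << WIDTH)  # absorb rounding slack
            self.cdf[ctx] = table

    def encode(self, pw, rng=None):
        rng = rng or random.Random()
        seed, prev = [], ""
        for ch in pw + END:
            for sym, lo, hi in self.cdf[prev]:
                if sym == ch:
                    seed.append(rng.randrange(lo, hi))  # uniform within the symbol's interval
                    break
            else:
                raise ValueError("character outside model alphabet")
            prev = ch
        if len(seed) > MAX_LEN:
            raise ValueError("password too long for fixed-length seed")
        while len(seed) < MAX_LEN:                      # random padding after END
            seed.append(rng.getrandbits(WIDTH))
        return seed

    def decode(self, seed):
        out, prev = [], ""
        for r in seed:
            for sym, lo, hi in self.cdf[prev]:
                if lo <= r < hi:
                    break
            if sym == END:
                break
            out.append(sym)
            prev = sym
        return "".join(out)


def seed_to_bytes(seed):
    return b"".join(r.to_bytes(WIDTH // 8, "big") for r in seed)


def bytes_to_seed(data):
    n = WIDTH // 8
    return [int.from_bytes(data[i:i + n], "big") for i in range(0, len(data), n)]


def keystream(master, salt, nbytes):
    # Toy counter-mode PRF; a real vault derives the key with a slow KDF.
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(master.encode() + salt + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:nbytes]


def encrypt_entry(nle, pw, master, salt, rng=None):
    pt = seed_to_bytes(nle.encode(pw, rng))
    return bytes(a ^ b for a, b in zip(pt, keystream(master, salt, len(pt))))


def decrypt_entry(nle, ct, master, salt):
    pt = bytes(a ^ b for a, b in zip(ct, keystream(master, salt, len(ct))))
    return nle.decode(bytes_to_seed(pt))  # wrong master -> random seed -> model sample


def demo(rng_seed=1):
    """Returns (stored password, decrypt with right master, decrypt with wrong master)."""
    nle = BigramNLE(TRAINING)
    salt = b"constructed-salt"
    ct = encrypt_entry(nle, "letmein", "correct horse", salt, random.Random(rng_seed))
    return ("letmein",
            decrypt_entry(nle, ct, "correct horse", salt),
            decrypt_entry(nle, ct, "wrong guess", salt))


if __name__ == "__main__":
    print(demo())
```

Because a wrong master password turns the ciphertext into a uniformly random seed, and decode() pushes every seed through the bigram model, an offline attacker sees a fresh model-distributed decoy for each guess and gets no cheap "looks like garbage" signal to reject it with; the quality of that decoy is exactly the quality of the language model, which is why the paper evaluates $n$-gram and PCFG encoders.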

Slides