... I think.
If an attacker looks into my keepass.ini he immediately knows which is my keyfile (KeeKeySourceValue). Assuming he already has access to my PC, it makes the keyfile as good as useless. I could stick with my password only.
It would be nice to have an option "do not save keyfile history".
The best practice for a key file is to treat it as something you have and use on demand, not as something that is permanently available; e.g. keep the key file on a USB stick and supply it when needed. See the Help documentation for information on why it is pointless to hide the key file location.
Thanks, I agree that obfuscation is never security and that an attacker can eventually find out (although access times to files can be spoofed, can't they?); but I think this adds another layer of complexity to the task. Just like an onion... If I was better at coding I would add this feature myself.
I think you are missing the larger point; that keeping the key file in proximity to the password database is unsafe. The key file should be physically or virtually separate from the database and should be supplied only on-demand.
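An added example, not part of the thread and not KeePass code: a small audit that reads the remembered key-file entries from a keepass.ini and reports whether each key file sits in the same folder or on the same volume as its database, which is the proximity problem described in the last reply. Only the `KeeKeySourceValue` name comes from the thread; the `KeeKeySourceID` name, the numeric suffixes and all sample paths are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample. Only "KeeKeySourceValue" appears in the thread; the
# "KeeKeySourceID" key, the numeric suffixes and the paths are assumptions.
SAMPLE_INI = r"""
[KeePass]
KeeKeySourceID0=C:\Users\alice\Documents\vault.kdb
KeeKeySourceValue0=C:\Users\alice\Documents\vault.key
KeeKeySourceID1=C:\Users\alice\Documents\work.kdb
KeeKeySourceValue1=E:\work.key
"""

ENTRY = re.compile(r"^(KeeKeySource(?:ID|Value))(\d*)=(.*)$")


def remembered_key_files(ini_text):
    """Return (database, key_file) pairs remembered in the ini text."""
    ids, values = {}, {}
    for line in ini_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            name, idx, val = m.groups()
            (ids if name.endswith("ID") else values)[idx] = val
    return [(ids.get(i, ""), v) for i, v in sorted(values.items())]


def audit(ini_text):
    """Classify how close each remembered key file is to its database."""
    findings = []
    for db, key in remembered_key_files(ini_text):
        db_p, key_p = PureWindowsPath(db), PureWindowsPath(key)
        if not db:
            level = "database-unknown"
        elif db_p.drive.lower() != key_p.drive.lower():
            # A different drive letter is not proof of removable media.
            level = "separate-volume"
        elif db_p.parent == key_p.parent:
            level = "same-folder"
        else:
            level = "same-volume"
        findings.append((db, key, level))
    return findings


if __name__ == "__main__":
    for db, key, level in audit(SAMPLE_INI):
        print(f"{level:16} db={db} key={key}")
```
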