






Dummy Database Files

Discussion of the "dummy database file" feature request.

Would creating dummy database files increase security?

First of all, note that it's very hard to obfuscate which files you are actually using: Windows remembers last accessed files, file indexing programs notice accesses, ...

Anyway, let's assume you'd create 1000 dummy database files, and let's assume an attacker doesn't have any clue about which file is the correct one. Now the security would be increased by a factor of 1000. Compare this to extending the master password. When you only use an alphanumeric character set ('a' to 'z', 'A' to 'Z' and '0' to '9', making 26 + 26 + 10 = 62 characters in the set), you could increase the security by a factor of 62 * 62 = 3844 by appending just 2 more characters to your master password.

So, by selecting one file among 1000, we get a factor of 1000. By appending 2 characters to the password, we get a factor of 3844. From a usability point of view, entering 2 more characters is a lot faster than finding and selecting one file among 1000s. Extending the master password also scales: by appending one more character, you get another factor of 62. In contrast, to gain that same additional factor of 62 on top of the 1000 files, you'd need 62000 database files.

If you worry about keyloggers, you should use a key file. A key file contains a 256-bit key (i.e. one out of 2^256 different keys), which is a lot more secure than the small factor you get by selecting a database file out of 1000s.




