If keeppass removes the possible timing attack, the attacker could just add it back in and use their own client, if they have a copy of your database.
If keeppass removes the possible timing attack, the attacker could just add it back in and use their own client, if they have a copy of your database.