![]() “The consequences are obviously bad: any password could be cracked by brute force,” Bédrune said. ![]() The reason why someone hasn’t noticed this already is due to an animation that can be seen when the password is generated, which lasts longer than a second. This has a serious consequence, as the security researcher explains: “It means that every instance of Kaspersky Password Manager in the world generates exactly the same password at a given second.” The Real Flawīut that was not the real flaw: Because the KPM used the current system clock time in seconds as a Mersenne Twister pseudo-random number generator. While this is a “clever” idea, according to Bédrune, it has a drawback: it can be easily exploited when specifically attacking or reading KPM passwords. One of KPM’s methods was to make greater use of letters that are not as common to trick cracker tools that use brute-force approaches. However, this method lowered the strength of the generated passwords compared to specialized tools.” ![]() Bédrune: “The goal of this method was to generate passwords that are difficult for standard password crackers to crack. That’s because Kaspersky Password Manager (KPM) used a complex method to generate its passwords. But for years, that wasn’t the case with Kaspersky Password Manager, as a security researcher named Jean-Baptiste Bédrune has now uncovered as reported by ZDNet. After all, you want to rely on such a manager and generate and store hundreds and even thousands of passwords there. What do you expect from a security company and a password manager? The answer is easy: that they are secure. Password managers are a good thing because they allow you to collect today’s numerous and hopefully secure passwords without having to remember each one.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |