

Password managers have a feature that generates random passwords to make it easier for users to create strong, unique passwords for all of their accounts. Unfortunately for users of the Kaspersky Password Manager, that feature was making it very easy for hackers to brute force those passwords.

Jean-Baptiste Bédrune of the French cybersecurity firm Ledger Donjon has published a technical write-up about several security flaws he discovered in the Kaspersky Password Manager, with one of the most serious in the pseudorandom number generator used by the solution. The problem was resolved by Kaspersky in October 2019 with a Kaspersky Password Manager update and users were sent an alert telling them that they should regenerate their passwords. The reason for the update and alert is now clear.

Kaspersky used a complex process to generate passwords, which was intended to make it difficult for hackers to guess passwords; however, the method used actually made it easier. To make it harder to guess the randomly generated passwords, Kaspersky made certain commonly used letters appear less frequently and less frequently used letters appear more often, as well as increasing infrequently used letter combinations. When an attempt is made to crack a password, it would likely take much longer due to these atypical letter combinations. While this is a good idea, it does mean that if it can be determined that an individual is using Kaspersky Password Manager, it would be possible to deduce the bias and crack passwords more quickly.

The main issue with the suggested passwords is the single source of entropy used. Kaspersky used the current time to the second as the seed in a Mersenne Twister pseudorandom number generator.
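The single-entropy-source problem, as an added example (not Kaspersky's code and not taken from the Ledger Donjon write-up): Python's `random.Random` is a Mersenne Twister, so seeding it with a whole-second timestamp reproduces the weak pattern, shown here beside a generator that draws from the operating system CSPRNG. The alphabet, the 12-character length and the timestamp are constructed assumptions, and the letter-frequency biasing is left out.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed charset, not the product's

def time_seeded_password(epoch_seconds: int, length: int = 12) -> str:
    """Weak pattern: the timestamp is the only input, so it fixes every character."""
    rng = random.Random(epoch_seconds)  # Mersenne Twister seeded with whole seconds
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def csprng_password(length: int = 12) -> str:
    """Corrected pattern: each character is drawn from the operating system CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def distinct_outputs(start: int, window_seconds: int, length: int = 12) -> int:
    """Count the passwords the weak generator can emit across a time window."""
    return len({time_seeded_password(start + s, length) for s in range(window_seconds)})

def bits_time_seeded(window_seconds: int) -> float:
    """Upper bound on entropy when the creation time is known to within the window."""
    return math.log2(window_seconds)

def bits_csprng(length: int = 12) -> float:
    """Entropy of a uniform password over ALPHABET."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    t = 1_570_000_000  # constructed timestamp, not taken from the write-up
    print("same second, same password:", time_seeded_password(t) == time_seeded_password(t))
    print("outputs possible in one hour:", distinct_outputs(t, 3600))
    print("bits, time-seeded over a year: %.1f" % bits_time_seeded(365 * 24 * 3600))
    print("bits, CSPRNG with 12 characters: %.1f" % bits_csprng())
```

However long the password is, the time-seeded generator cannot exceed the entropy of its seed: about 25 bits if the creation time is known to within a year, against roughly 71 bits for 12 uniformly chosen characters.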
