Any password you create could be brutally broken in seconds. Its only source of entropy was the present tense. “The most important thing is that he was using an inappropriate PRNG for cryptographic purposes. "The password generator included in Kaspersky Password Manager has encountered several problems," the Dungeon research team explained in a post on Tuesday. To the problem assigned the index CVE-2020-27020, where the caveat that "an attacker would need to know additional information (for example, the time the password was generated)" is valid, the fact is that Kaspersky passwords were clearly less secure than people thought. To generate strong passwords, Kaspersky Password Manager must rely on a mechanism for generating strong passwords ”. A key point with password managers is that, unlike humans, these tools are good at generating strong and random passwords. “The main feature of KPM is password management. The product is available for different operating systems (Windows, macOS, Android, iOS, Web…) Encrypted data can be automatically synchronized between all your devices, always protected by your master password. So like other password managers, users need to remember a single password to use and manage all of their passwords. This safe is protected by a master password. Kaspersky Password Manager is a product that safely stores passwords and documents in an encrypted and password-protected safe. “Two years ago, we reviewed Kaspersky Password Manager (KPM), a password manager developed by Kaspersky. Researchers discovered that the password generator it had several problems and one of the most important was that PRNG used only one entropy source In short, it was that the generated passwords were vulnerable and not at all secure. The tool used a pseudo-random number generator that was singularly unsuitable for cryptographic purposes. Few days ago a tremendous scandal was set up on the net by a publication made by Donjon (a security consultancy) in which basically discussed various security issues of "Kaspersky Password Manager" especially in its password generator, as it demonstrated that every password it generated could be cracked by a brute force attack.Īnd it is that the security consultancy Donjon he discovered that Between March 2019 and October 2020, Kaspersky Password Manager generated passwords that could be cracked in seconds.
0 Comments
Leave a Reply. |