Password managers are a vital line of defense in the battle for internet security - which makes it all the more painful when they shit the bed.

The Kaspersky Password Manager (KPM), a free tool used to generate and manage online passwords, has long been a popular alternative to the likes of LastPass or 1Password.

Unfortunately, according to security researcher Jean-Baptiste Bédrune, a bad coding decision meant that the passwords it generated weren't truly random and as a result were relatively easy to brute force - a hacking technique using specialized tools to try hundreds of thousands (or millions) of password combinations in an attempt to guess the right one.

Bédrune, who is a security researcher for the cryptocurrency hard-wallet company Ledger, writes that when generating a supposedly random password, KPM used the current time as its "single source of entropy."

While that sounds super technical, it essentially boils down to KPM using the time as the basis for its pseudo random number generator. Knowing when the password was generated, even approximately, would therefore give a hacker vital information in an attempt to crack a victim's account.
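The weakness described above, shown as an added example that is not Kaspersky's code or taken from the original article: a generator whose only entropy is the clock, next to one that draws from the operating system's CSPRNG, with an audit check for whether a given password can be reproduced from a timestamp. Assumptions: Python's `random.Random` stands in for the real generator, the seed has one-second granularity, and the alphabet, length and timestamp are constructed.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed 62-character policy
LENGTH = 12                                      # assumed password length


def weak_password(unix_seconds: int) -> str:
    """Weak pattern: the clock is the single source of entropy."""
    rng = random.Random(unix_seconds)  # deterministic, non-cryptographic PRNG
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_password() -> str:
    """Hardened pattern: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def effective_bits(window_seconds: int) -> float:
    """Upper bound on the weak generator's entropy when the creation
    time is only known to lie within window_seconds."""
    return math.log2(window_seconds)


def full_space_bits() -> float:
    """Entropy of a uniformly random password under the same policy."""
    return LENGTH * math.log2(len(ALPHABET))


def is_time_derivable(password: str, start: int, end: int) -> bool:
    """Audit check: is the password reproducible from some second in [start, end)?"""
    return any(weak_password(t) == password for t in range(start, end))


if __name__ == "__main__":
    created = 1_600_000_000  # constructed timestamp
    pw = weak_password(created)
    print("weak  :", pw, "derivable:",
          is_time_derivable(pw, created - 300, created + 300))
    sp = strong_password()
    print("strong:", sp, "derivable:",
          is_time_derivable(sp, created - 300, created + 300))
    print(f"one-day window: {effective_bits(86_400):.1f} bits "
          f"vs {full_space_bits():.1f} bits for the full policy")
```

The visible length and character mix are the same for both generators, so the difference only shows up when the candidate space is counted: everything generated in the same second is identical, and a whole day of uncertainty leaves 86,400 possibilities.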