“The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds.”


They used Math.random() on the web version y’all. This is a “security” company. I’m speechless.
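
The flaw described in the quote, as an added example that is not part of the thread and is not Kaspersky's code: a generator whose only entropy is the clock, next to one that draws from the platform CSPRNG. The `mulberry32` stand-in PRNG, the character set and every function name are assumptions chosen for illustration.

```javascript
// Added illustration; not Kaspersky's code. All names here are hypothetical.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const CHARSET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Constructed stand-in for a non-cryptographic PRNG (mulberry32).
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// WEAK: the clock is the only entropy, so the password is a pure function of the second.
function weakPassword(length, unixSeconds = Math.floor(Date.now() / 1000)) {
  const rand = mulberry32(unixSeconds);
  let out = '';
  for (let i = 0; i < length; i++) out += CHARSET[Math.floor(rand() * CHARSET.length)];
  return out;
}

// HARDENED: bytes from the OS CSPRNG; rejection sampling avoids modulo bias.
function strongPassword(length) {
  const limit = 256 - (256 % CHARSET.length); // largest multiple of 62 that fits in a byte
  const buf = new Uint8Array(length * 2);
  let out = '';
  while (out.length < length) {
    webcrypto.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) out += CHARSET[b % CHARSET.length];
    }
  }
  return out;
}

// Upper bound on entropy: the weak generator can never exceed log2(#possible seeds).
function entropyBits(length, seedWindowSeconds) {
  const full = length * Math.log2(CHARSET.length);
  return { weak: Math.min(Math.log2(seedWindowSeconds), full), strong: full };
}
```

With a one-year window of possible creation times, `entropyBits(12, 31536000)` puts the clock-seeded generator under 25 bits, against roughly 71 bits for the same 12-character password drawn from the CSPRNG.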


@aral :blobcatgooglytrash: Kaspersky proves their incompetence again

@aral I would also recommend reading some articles about it here: palant.info/categories/kaspers. It's funny how a security company can fail that badly
