Kaspersky’s random password generator isn’t random at all. Kaspersky says the issue has been fixed.
“The password generator included in Kaspersky Password Manager had several problems,” the Donjon research team explained in a blog post.
“The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time.”
This lack of randomness meant passwords could be brute-forced in a matter of minutes, and perhaps even in seconds if the exact creation time is known.
Kaspersky has now fixed the vulnerability in all their apps, and all KPM users are advised to update to the latest version.
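To make the flaw described above concrete, here is an added example (not Kaspersky's code and not from the Donjon post) that puts a time-seeded generator beside one backed by the operating system's CSPRNG. The function names, the 62-character alphabet, the one-second clock resolution and the use of Python's `random` module as the non-cryptographic PRNG are all assumptions made for illustration.

```python
import math
import random
import secrets
import string

# Constructed alphabet for the illustration: 62 symbols.
ALPHABET = string.ascii_letters + string.digits


def weak_password(length, timestamp):
    """Flawed design: a non-cryptographic PRNG whose only seed is the clock.

    Assumption: the clock is read with one-second resolution.
    """
    rng = random.Random(int(timestamp))
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length):
    """Hardened design: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length):
    """Entropy the password appears to have, judged by length and alphabet."""
    return length * math.log2(len(ALPHABET))


def time_seeded_bits(window_seconds):
    """Upper bound on real entropy when the seed is one of N clock values."""
    return math.log2(window_seconds)


def distinct_outputs(length, start, window_seconds):
    """How many different passwords the weak design can emit in a window."""
    return len({weak_password(length, start + s) for s in range(window_seconds)})


if __name__ == "__main__":
    t = 1_600_000_000  # constructed timestamp
    print("same second, same password:", weak_password(12, t) == weak_password(12, t + 0.9))
    print("nominal bits (12 chars):    %.1f" % nominal_bits(12))
    print("real bits, 1-year window:   %.1f" % time_seeded_bits(365 * 24 * 3600))
    print("passwords possible in 1 h:  ", distinct_outputs(12, t, 3600))
    print("CSPRNG sample:              ", strong_password(12))
```

A 12-character password from the time-seeded design looks like roughly 71 bits but carries under 25 bits even if the only thing known is the year it was created, which is why the length of a generated password says nothing about its strength when the seed is guessable.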
Kaspersky is just one of many password managers on the market today, and if your business isn’t using one, you should.
Contact Acumen IT and we would be happy to walk you through the pros and cons of each product.