
“The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds.”

donjon.ledger.com/kaspersky-pa

They used math.random() on the web version y’all. This is a “security” company. I’m speechless.

@aral I would also recommend reading some articles about it here: palant.info/categories/kaspers. It's funny how a security company can fail that bad

@bob Ah, I thought it was a reply to the other thread.
So less ironic but still, not sure why it’s not showing up.

@aral @bob I think this is related to CDNs, possibly HTTP 1.1, and webserver caching on Mastodon. Like the avatar update problem, I spent a lot of time investigating it, but found nothing which wasn't compliant.

@aral They're not a security company, they're an antivirus company. They sell FUD, just like all the others. All normal computer users are never going to encounter anything an antivirus protects you from (excepting malware in ads, but you can fix that with a (free!) ad blocker). That they're utterly incompetent with security is utterly unsurprising.

@aral they are a fine security company, but like any big corporation, not all of their services are a priority, i.e. a source of income.

@aral Glad I'm using

```sh
< /dev/random tr -d -c "[:graph:]"
```

with enough entropy for generation of my passwords.
