
“The password generator included in Kaspersky Password Manager had several problems. The most critical one is that it used a PRNG not suited for cryptographic purposes. Its single source of entropy was the current time. All the passwords it created could be bruteforced in seconds.”

donjon.ledger.com/kaspersky-pa

They used math.random() on the web version y’all. This is a “security” company. I’m speechless.

@aral I would also recommend reading some articles about it here: palant.info/categories/kaspers. It's funny how a security company can fail that badly.

@bob Ah, I thought it was a reply to the other thread.
So less ironic but still, not sure why it’s not showing up.

@aral @bob I think this is related to CDNs, possibly HTTP 1.1, and webserver caching on Mastodon. Like the avatar update problem, I spent a lot of time investigating it, but found nothing which wasn't compliant.

@aral Glad I'm using

```shell
< /dev/random tr -d -c "[:graph:]" | head -c 32
```

with enough entropy for generation of my passwords.

Aral’s Mastodon