Password managers are a very useful way to protect our accounts. It is important to use a different password for each account, which makes them all difficult to remember, especially if each one meets the basic requirements for being secure. One option is to generate passwords with programs of this type, since they can be more secure than the ones we create ourselves. In this article we report how the Kaspersky password manager has been generating insecure passwords.
Kaspersky has generated insecure passwords
Keep in mind that Kaspersky is widely used to protect computers. It is a very popular antivirus, and it also offers other tools such as the password manager. Many users trust this tool to create passwords and use them in their accounts.
However, a report now shows that this password manager was generating insecure passwords for over a year, specifically in the period between March 2019 and October 2020. It was the security consultancy Donjon that discovered the problem.
According to the consultancy, the Kaspersky password manager was using a pseudo-random number generator that was not well suited for cryptographic purposes. This meant that the passwords it generated could be cracked in a matter of seconds.
In practice, all users who relied on this password manager to generate strong passwords were actually creating them without real security. Those passwords could be exploited by someone with the right knowledge, putting users at risk.
Brute force is a well-known method for breaking a password. The stronger the password, the more difficult it is to find this way. In this case, however, it was possible in a matter of seconds, since the generator did not really use a complex algorithm.
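Why a long, random-looking password can still be weak is easiest to see by counting what the generator can actually output. The following Python sketch is an added example, not Kaspersky's code or the researchers' analysis; the 16-bit seed space, the alphabet and all function names are assumptions chosen for the demonstration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # 70 symbols
LENGTH = 12
SEED_BITS = 16  # assumption: deliberately small, constructed seed space


def weak_password(seed, length=LENGTH):
    """Weak form: a non-cryptographic PRNG, so the seed fixes the whole output."""
    rng = random.Random(seed)  # Mersenne Twister, not designed for secrets
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=LENGTH):
    """Hardened form: every character is drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length=LENGTH):
    """Strength the password appears to have from length and alphabet alone."""
    return length * math.log2(len(ALPHABET))


def effective_bits_weak(seed_bits=SEED_BITS):
    """Strength the weak generator really gives: log2 of its distinct outputs."""
    distinct = {weak_password(s) for s in range(2 ** seed_bits)}
    return math.log2(len(distinct))


def needs_rotation(password, seed_bits=SEED_BITS):
    """Audit check: could the weak generator have produced this password?"""
    return any(weak_password(s, len(password)) == password
               for s in range(2 ** seed_bits))


if __name__ == "__main__":
    print(f"nominal strength:   {nominal_bits():.1f} bits")
    print(f"effective strength: {effective_bits_weak():.1f} bits")
    print("weak output flagged:  ", needs_rotation(weak_password(4242)))
    print("strong output flagged:", needs_rotation(strong_password()))
```

Both generators produce 12-character passwords over the same alphabet, but only the second has strength that matches its length; passwords from the first are bounded by the seed space and should be regenerated.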
This bug has been logged as CVE-2020-27020. It is described as the generator not being completely secure, which could allow an attacker to exploit the vulnerability. Kaspersky has indicated that the error was resolved through updates, so users who have this program must update to the latest version.
Should I trust password managers?
Without a doubt, it is very important to have strong passwords that protect our accounts. We should always use passwords that are totally random and that meet every requirement for being secure. A good way to achieve this is to use a password manager, which can help greatly. So are they safe?
The truth is that it will always be better to generate a password with this type of program. When we create one ourselves, we normally choose letters, numbers or symbols that we can remember more easily, or we even reuse them. With a computer application, however, the password is going to be totally random and will meet the requirements. We have previously seen that it is not advisable to use password managers in the browser.
The Kaspersky case is simply a problem with the real security of those passwords, although even so they would be more reliable than many that we could come up with ourselves. Of course, whenever we choose this option it is important to pick a good password manager.