Kaspersky has generated insecure passwords
Kaspersky is widely used to protect computers. It is a very popular antivirus and also offers other tools, such as a password manager. Many users trust this tool to create passwords and use them in their accounts.
However, a report now shows that this password manager was generating insecure passwords for more than a year, specifically in the period between March 2019 and October 2020. The security consultancy Donjon discovered the problem.
According to the report, the Kaspersky password manager was using a pseudo-random number generator that was not suitable for cryptographic purposes. This meant that the passwords it generated could be cracked in a matter of seconds.
In effect, all users who relied on this password manager to generate strong passwords were creating passwords without real security. With the right knowledge those passwords could be exploited, putting users at risk.
A password can be broken by what is known as brute force. The stronger the password, the harder it is to find by this method. In this case, however, it was possible in a matter of seconds, since the generator did not really use a complex algorithm.
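The following added example (not from the original article and not Kaspersky's code) contrasts a password generator built on a non-cryptographic PRNG with one built on the operating system's CSPRNG, and compares how much entropy each really provides. The clock-derived seed, the alphabet and every function name are assumptions made for illustration.

```python
import math
import random
import secrets
import string

# Constructed alphabet for this example (70 symbols); not the product's own.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"


def weak_password(seed: int, length: int = 16) -> str:
    """Weak on purpose: Mersenne Twister seeded with a guessable integer."""
    rng = random.Random(seed)  # same seed always yields the same password
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 16) -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def weak_bits(window_seconds: int) -> float:
    """Effective entropy when the seed is a one-second timestamp in a window."""
    return math.log2(window_seconds)


def strong_bits(length: int = 16) -> float:
    """Entropy of a uniformly random password over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def needs_rotation(password: str, start: int, end: int) -> bool:
    """Audit: True if weak_password reproduces `password` for a seed in [start, end)."""
    return any(weak_password(s, len(password)) == password for s in range(start, end))


if __name__ == "__main__":
    t = 1_600_000_123  # constructed timestamp standing in for "now"
    pw = weak_password(t)
    print("weak  :", pw, f"~{weak_bits(365 * 24 * 3600):.1f} bits over one year of seeds")
    print("strong:", strong_password(), f"~{strong_bits():.1f} bits")
    # A ten-minute window of seeds is checked in well under a second.
    print("weak password flagged:", needs_rotation(pw, t - 300, t + 300))
    print("strong password flagged:", needs_rotation(strong_password(), t - 300, t + 300))
```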
This bug has been logged as CVE-2020-27020. The entry indicates that the generator is not completely secure and that an attacker could exploit the vulnerability. Kaspersky has already indicated that the error was resolved through updates, so users who have this program must update to the latest version.
Should I trust password managers?
Without a doubt, it is very important to have strong passwords that protect our accounts. We should always use passwords that are totally random and that have everything they need to be safe. A good way to achieve this is to use a password manager, which can help to a great extent. So are they safe?
The truth is that it will always be better to generate a password with this type of program. If we do it ourselves, we normally choose letters, numbers or symbols that we can remember more easily, or even repeat them. With a computer application, however, the password is going to be totally random and will meet the requirements. We have seen previously that it is not advisable to use password managers in the browser.
In Kaspersky's case, it is simply a problem with the real security of those passwords, although they would still be more reliable than many that we can generate ourselves. Of course, whenever we opt for this approach it is important to choose a good password manager.