(Replying to PARENT post)
Seeding with the current time is the real sin here.
(Replying to PARENT post)
- getRandomValues() is not guaranteed to be running in a secure context.
- There is no minimum degree of entropy mandated by the Web Cryptography specification
- User agents are instead urged to provide the best entropy they can when generating random numbers, using a well-defined, efficient pseudorandom number generator built into the user agent itself, but seeded with values taken from an external source of pseudorandom numbers, such as a platform-specific random number function, the Unix /dev/urandom device, or other source of random or pseudorandom data.
From https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getR...
Is there a better solution?
(Replying to PARENT post)
Can somebody please correct me if I'm wrong, but to brute-force a password attackers need offline access to the stored password data, and I'm assuming it mustn't be stored in a properly encrypted way.
Why should the onus be on the end client/user to use 'crazy' length and complex passwords (I'm excluding stupidly simple passwords such as 123456 etc.)?
Surely a well-designed vault/safe for the passwords and a restricted client logon system would stop all/most attackers.
(Replying to PARENT post)
I'm on that list and I'm scared.
(Replying to PARENT post)
But good to note that mt19937 is still not cryptographically secure.
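An added example, not code from the original thread or from Kaspersky, contrasting the two points raised above: CPython's random.Random is mt19937, so a password drawn from it after seeding with an integer such as a timestamp is a pure function of that seed and is reproduced exactly by anyone holding the same seed, whereas the secrets module draws from the OS CSPRNG with no seed to replay. The function names and the sample seed value are constructed for illustration.

```python
import random
import secrets
import string

# Character set: letters and digits, as in the /dev/urandom one-liner in the thread.
ALPHABET = string.ascii_letters + string.digits


def weak_password(seed: int, length: int = 20) -> str:
    """Password drawn from Mersenne Twister (mt19937) seeded with an integer.

    Hypothetical stand-in for a generator seeded with the current time:
    the output depends only on the seed, so whoever knows the seed
    reproduces the password exactly.
    """
    rng = random.Random(seed)  # CPython's Random is MT19937
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 20) -> str:
    """Password drawn from the OS CSPRNG via the secrets module.

    secrets.choice uses SystemRandom (os.urandom): there is no seed to
    recover and no generator state to replay.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_reproducible(seed: int, length: int = 20) -> bool:
    """True if two independent MT19937 instances with the same seed agree."""
    return weak_password(seed, length) == weak_password(seed, length)


def is_valid(pw: str, length: int = 20) -> bool:
    """Length and alphabet check shared by both generators."""
    return len(pw) == length and all(c in ALPHABET for c in pw)


if __name__ == "__main__":
    seed = 1_600_000_000  # constructed sample "timestamp" seed
    print("mt19937 seeded twice with the same value agrees:", is_reproducible(seed))
    print("two CSPRNG draws agree:", strong_password() == strong_password())
```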
(Replying to PARENT post)
https://en.wikipedia.org/wiki/Kaspersky_bans_and_allegations...
(Replying to PARENT post)
Pretty terrible bug to be unpatched and presumably uncommunicated for 2 years. Ouch.
(Replying to PARENT post)
Insert Kaspersky owned by Russian intelligence conspiracy here...
(Replying to PARENT post)
tr -cd "[:alnum:]" < /dev/urandom | fold -w 20 | sed 10q
And a real TL;DR:
Upgrade your Kaspersky Password Manager
(Replying to PARENT post)
Whoa. That's just ... Wow.