Breaking a Password Manager – Schneier on Security – Nexus Vista

Breaking a Password Manager

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password.

Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version (and subsequent versions until 2015) did indeed have a significant flaw that made the random number generator not so random. The RoboForm program unwisely tied the random passwords it generated to the date and time on the user's computer: it determined the computer's date and time, and then generated passwords that were predictable. If you knew the date and time and other parameters, you could compute any password that would have been generated on a certain date and time in the past.

If Michael knew the day or general time frame in 2013 when he generated it, as well as the parameters he used to generate the password (for example, the number of characters in the password, including lower- and upper-case letters, figures, and special characters), this would narrow the possible password guesses to a manageable number. Then they could hijack the RoboForm function responsible for checking the date and time on a computer and get it to travel back in time, believing the current date was a day in the 2013 time frame when Michael generated his password. RoboForm would then spit out the same passwords it generated on the days in 2013.
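
The flaw described above, as an added example that is not RoboForm's code and not part of the original post: a toy generator seeded only by the clock (Python's `random` stands in for the flawed PRNG, which is an assumption) beside a CSPRNG-based one, with the candidate count and effective entropy for a one-hour window. The character set, function names and the 2013 timestamp are constructed for illustration.

```python
import math
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

# Assumed character set: upper/lower letters, digits, a few special characters.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"

def weak_generate(when, length=20):
    """Flawed pattern: the only seed is the clock, truncated to the second."""
    rng = random.Random(int(when.timestamp()))
    return "".join(rng.choice(ALPHABET) for _ in range(length))

def strong_generate(length=20):
    """Hardened form: characters drawn from the OS CSPRNG, clock-independent."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def window_candidates(start, end, length=20):
    """Every password weak_generate() can emit for seeds in [start, end)."""
    seconds = int((end - start).total_seconds())
    return {weak_generate(start + timedelta(seconds=s), length)
            for s in range(seconds)}

def entropy_bits(start, end, length=20):
    """(effective, nominal) entropy in bits for a password from that window."""
    seconds = int((end - start).total_seconds())
    return math.log2(seconds), length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    # Constructed sample: a password made at an unknown second within one hour.
    start = datetime(2013, 5, 1, 12, 0, tzinfo=timezone.utc)
    end = start + timedelta(hours=1)
    lost = weak_generate(start + timedelta(seconds=1234))
    cands = window_candidates(start, end)
    eff, nominal = entropy_bits(start, end)
    print(f"{len(cands)} candidates, lost password among them: {lost in cands}")
    print(f"effective entropy {eff:.1f} bits vs nominal {nominal:.1f} bits")
    print("CSPRNG output differs per call:", strong_generate() != strong_generate())
```

The nominal strength of a 20-character password is irrelevant when the seed space is a count of seconds; the fix is to draw from the operating system's CSPRNG so that knowing the generation time reveals nothing.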

Posted on June 4, 2024 at 7:08 AM

Sidebar photograph of Bruce Schneier by Joe MacInnis.
