Kim Zetter on Nostr: My latest for Wired. How researchers hacked time to crack an 11-year-old password ...
My latest for Wired. How researchers hacked time to crack an 11-year-old password protecting $3 million in cryptocurrency. They found a significant flaw in RoboForm's password manager that made its pseudo-random-number generator not so random. The flaw allowed famed hardware hacker Joe Grand to turn back time and cause the RoboForm password manager to believe it was 2013 and spit out the same passwords it generated back then. RoboForm says it fixed the flaw in 2015, but it appears it never told customers about it. This means that if any of RoboForm's current 6 million users are using passwords generated by the password manager prior to 2015, before the company silently fixed the flaw, they may have passwords that can be cracked in the same way.
https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/
Published at 2024-05-28 16:24:07
Event JSON
{
"id": "8cbbd987a5fbb9980a1cdf3e717e112c9ec343bb01bc05fda62769320b856af1",
"pubkey": "41b6f547c3add1254a545c09e08ece6e782544e54b506be49fd38340dc8bfecd",
"created_at": 1716913447,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@kimzetter/112519639682945235",
"web"
],
[
"proxy",
"https://infosec.exchange/users/kimzetter/statuses/112519639682945235",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/kimzetter/statuses/112519639682945235",
"pink.momostr"
]
],
"content": "My latest for Wired. How researchers hacked time to crack an 11-year-old password protecting $3 million in cryptocurrency. They found a significant flaw in RoboForm's password manager that made its pseudo-random-number generator not so random. The flaw allowed famed hardware hacker Joe Grand to turn back time and cause the RoboForm password manager to believe it was 2013 and spit out the same passwords it generated back then. RoboForm says it fixed the flaw in 2015, but it appears it never told customers about it. This means that if any of RoboForm's current 6 million users are using passwords generated by the password manager prior to 2015, before the company silently fixed the flaw, they may have passwords that can be cracked in the same way .\n\nhttps://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/",
"sig": "0b1ab0fc16fcefe869b86197db4b404775fb8623722c24482781da96247a5270352a5ba4ea4495a09387622ce2281bad9f377fb9cf526c44de63bb92398d6aed"
}