this post was submitted on 16 Apr 2024
13 points (93.3% liked)

Security

647 readers
5 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
LinearArray
13
PuTTY vulnerability vuln-p521-bias (www.chiark.greenend.org.uk)
submitted 6 months ago by [email protected] to c/security
1 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] pwshguy 1 points 6 months ago

If I understand correctly, the signatures generated by PuTTY aren’t perfectly random, so if someone got a hold of a bunch of keys from a server, they could figure out the pattern. It takes about 60 keys. This affects not just PuTTY, but also FileZilla, WinSCP, TortoiseGit, and TortoiseSVN.

In other words if you have NIST P-521 keys, or any others using 521-bit ECDSA, you should revoke them and generate new key pairs. After you update your software.