this post was submitted on 16 Apr 2024
13 points (93.3% liked)

Security

626 readers
1 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 1 year ago
MODERATORS
LinearArray
13
PuTTY vulnerability vuln-p521-bias (www.chiark.greenend.org.uk)
submitted 4 months ago by [email protected] to c/security
1 comments fedilink hide all child comments
top 1 comments
sorted by: hot top controversial new old
[–] pwshguy 1 points 4 months ago

If I understand correctly, the signatures generated by PuTTY aren’t perfectly random, so if someone got a hold of a bunch of keys from a server, they could figure out the pattern. It takes about 60 keys. This affects not just PuTTY, but also FileZilla, WinSCP, TortoiseGit, and TortoiseSVN.

In other words if you have NIST P-521 keys, or any others using 521-bit ECDSA, you should revoke them and generate new key pairs. After you update your software.