Skip Navigation
Security @programming.dev
testeronious @lemmy.world

PuTTY vulnerability vuln-p521-bias

www.chiark.greenend.org.uk /~sgtatham/putty/wishlist/vuln-p521-bias.html
Hacker News @lemmy.smeargle.fans
bot @lemmy.smeargle.fans
BOT

PuTTY vulnerability vuln-p521-bias

7 0
Cryptography @lemmy.ml
Arthur Besse @lemmy.ml

Putty vulnerability: bias in ECDSA deterministic nonce generation leads to compromise of NIST P521 keys with ~60 signatures

1 0
1 comments

  • If I understand correctly, the signatures generated by PuTTY aren’t perfectly random, so if someone got a hold of a bunch of keys from a server, they could figure out the pattern. It takes about 60 keys. This affects not just PuTTY, but also FileZilla, WinSCP, TortoiseGit, and TortoiseSVN.

    In other words if you have NIST P-521 keys, or any others using 521-bit ECDSA, you should revoke them and generate new key pairs. After you update your software.