Dan Goodin on Nostr: Every version of PuTTY released over the past 7 years contains a critical ...
Every version of PuTTY released over the past 7 years contains a critical vulnerability that allows for the recovery of certain types of secret encryption keys, specifically 521-bit ECDSA. An adversary in possession of a “few dozen signed messages” and the public key can recover the private key. I’m curious to know how widely this vulnerability is likely to be felt. I’m guessing most people have already replaced keys with only 512 bits, which I’m further guessing are already susceptible to factorization. Can anyone confirm or disabuse me of these guesses?
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

Published at 2024-04-15 20:56:04

Event JSON