CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client #531
Comments
|
+1 |
|
+1, see also here: https://www.openwall.com/lists/oss-security/2024/04/15/6 |
|
+1 |
|
My trust in this project is gone, which is a shame because of the functionality. But it would be wise if the developer would archive this repository as it doesn't seems that anyone wants to continue this project. Many thanks for all the work you put into it over the years @cyd01 |
|
https://github.com/lalbornoz/PuTTie has released a version with a fix. Not there yet in terms of KiTTY features, but worth exploring. |
Font size change on ctrl + mouse-wheel! One of top useful KiTTy features is in PuTTie. @opbod, I owe you a beer. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The vulnerability mentioned in the title also affects KiTTY as it is a modified version of PuTTY 0.76. Given the long-open vulnerabilities for KiTTY, I suspect that this will be the case here as well. Therefore, be advised not to use ECDSA NIST-P521 alongside KiTTY any longer. If you have been using it, rotate your keys to another algorithm (preferably ssh-ed25519).
More details regarding this vulnerability can be found here: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
The text was updated successfully, but these errors were encountered: