-
-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client #531
Comments
+1 |
+1, see also here: https://www.openwall.com/lists/oss-security/2024/04/15/6 |
+1 |
2 similar comments
+1 |
+1 |
My trust in this project is gone, which is a shame because of the functionality. But it would be wise if the developer would archive this repository as it doesn't seems that anyone wants to continue this project. Many thanks for all the work you put into it over the years @cyd01 |
https://github.com/lalbornoz/PuTTie has released a version with a fix. Not there yet in terms of KiTTY features, but worth exploring. |
Font size change on ctrl + mouse-wheel! One of top useful KiTTy features is in PuTTie. @opbod, I owe you a beer. |
The vulnerability mentioned in the title also affects KiTTY as it is a modified version of PuTTY 0.76. Given the long-open vulnerabilities for KiTTY, I suspect that this will be the case here as well. Therefore, be advised not to use ECDSA NIST-P521 alongside KiTTY any longer. If you have been using it, rotate your keys to another algorithm (preferably ssh-ed25519).
More details regarding this vulnerability can be found here: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
The text was updated successfully, but these errors were encountered: