• pwshguy (mdowst)@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    If I understand correctly, the signatures generated by PuTTY aren’t perfectly random, so if someone got a hold of a bunch of keys from a server, they could figure out the pattern. It takes about 60 keys. This affects not just PuTTY, but also FileZilla, WinSCP, TortoiseGit, and TortoiseSVN.

    In other words if you have NIST P-521 keys, or any others using 521-bit ECDSA, you should revoke them and generate new key pairs. After you update your software.