Flaw in PuTTY P-521 ECDSA signature generation leaks SSH private keys
LRQA Nettitude Labs
APRIL 16, 2024
However, PuTTY’s implementation of DSA dates back to September 2001, around a month before Windows XP was released. As such, the ECDSA signatures are encrypted before transmission in this context, so an attacker cannot get access to the signatures needed for this attack through passive network sniffing.
Let's personalize your content