KiTTY icon indicating copy to clipboard operation
KiTTY copied to clipboard

Published 20 hours ago verified publisher icon cyd01

CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client

Open TrueSkrillor opened this issue 1 year ago • 8 comments

The vulnerability mentioned in the title also affects KiTTY as it is a modified version of PuTTY 0.76. Given the long-open vulnerabilities for KiTTY, I suspect that this will be the case here as well. Therefore, be advised not to use ECDSA NIST-P521 alongside KiTTY any longer. If you have been using it, rotate your keys to another algorithm (preferably ssh-ed25519).

More details regarding this vulnerability can be found here: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

TrueSkrillor avatar Apr 15 '24 20:04 TrueSkrillor

+1

kev-pearce-sp avatar Apr 16 '24 14:04 kev-pearce-sp

+1, see also here: https://www.openwall.com/lists/oss-security/2024/04/15/6

wiesl avatar Apr 16 '24 16:04 wiesl

+1

EirikBjarkoy avatar Apr 17 '24 09:04 EirikBjarkoy

+1

vittoriop77 avatar Apr 17 '24 14:04 vittoriop77

+1

jesseorr avatar Apr 18 '24 15:04 jesseorr

My trust in this project is gone, which is a shame because of the functionality. But it would be wise if the developer would archive this repository as it doesn't seems that anyone wants to continue this project. Many thanks for all the work you put into it over the years @cyd01

Dubbeldrank avatar Apr 19 '24 06:04 Dubbeldrank

https://github.com/lalbornoz/PuTTie has released a version with a fix. Not there yet in terms of KiTTY features, but worth exploring.

opbod avatar Apr 25 '24 11:04 opbod

https://github.com/lalbornoz/PuTTie has released a version with a fix. Not there yet in terms of KiTTY features, but worth exploring.

Font size change on ctrl + mouse-wheel! One of top useful KiTTy features is in PuTTie. @opbod, I owe you a beer.

mariuszjedrzejewski avatar May 14 '24 10:05 mariuszjedrzejewski