Reblogged by nadim@symbolic.software ("Nadim Kobeissi"):
scottarc@infosec.exchange ("Scott Arciszewski") wrote:
So funny story about this PuTTY vulnerability https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Literally every time I've ever reviewed an ECDSA over P-521 implementation, this was the absolute first thing I thought to look for. I've never actually found an implementation in the wild that was susceptible to this sort of weakness, but it seemed like a foot-gun that someone would implement eventually.
Turns out, it was PuTTY. Incredible.
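Added example (not part of the post above and not PuTTY's code): a simplified Python model of the P-521 nonce foot-gun Scott is describing, next to a corrected derivation, plus the quick check a reviewer would run against any nonce-derivation routine. The assumption it models is that the ECDSA nonce k is taken from a single SHA-512 output reduced mod the group order n. SHA-512 gives only 512 bits and 2**512 < n, so the reduction is a no-op and the top 9 bits of every nonce are zero. The function names, the seed/message inputs and the sample sizes are all constructed for the illustration; the corrected routine is an oversample-and-reduce sketch, not RFC 6979 itself.

```python
import hashlib
import secrets

# Group order n of NIST P-521 (a 521-bit integer, from SEC 2 / FIPS 186-4).
P521_ORDER = 6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449
NONCE_BITS = P521_ORDER.bit_length()  # 521


def biased_nonce(secret_seed: bytes, message: bytes) -> int:
    """The foot-gun (simplified model, not PuTTY's code): derive the ECDSA
    nonce k from ONE SHA-512 output and reduce it mod n.  SHA-512 yields only
    512 bits and 2**512 < n, so the reduction changes nothing: the top
    521 - 512 = 9 bits of k are zero for every signature."""
    h = hashlib.sha512(secret_seed + message).digest()
    return int.from_bytes(h, "big") % P521_ORDER


def unbiased_nonce(secret_seed: bytes, message: bytes) -> int:
    """Corrected derivation (illustrative, not RFC 6979 itself): take at
    least 64 bits more than the order's size before reducing, here 1024 bits
    from two domain-separated SHA-512 calls, so k mod n is statistically
    uniform (residual bias about 2**-503).  Retry on the negligible k == 0
    case so that 1 <= k < n as ECDSA requires."""
    for ctr in range(256):
        h0 = hashlib.sha512(bytes([ctr, 0]) + secret_seed + message).digest()
        h1 = hashlib.sha512(bytes([ctr, 1]) + secret_seed + message).digest()
        k = int.from_bytes(h0 + h1, "big") % P521_ORDER
        if k != 0:
            return k
    raise RuntimeError("nonce derivation failed")  # practically unreachable


def count_nonces_with_high_bits(nonce_fn, samples: int, top_bits: int = 9) -> int:
    """Reviewer's check: feed random seeds/messages (constructed here) to a
    nonce derivation and count how many nonces set any of the top `top_bits`
    bits of a 521-bit value.  For a uniform k mod n, about 1 - 2**-top_bits
    of the samples (~99.8% for 9 bits) should; a count of 0 is the red flag."""
    threshold = 1 << (NONCE_BITS - top_bits)  # 2**512 for top_bits == 9
    hits = 0
    for _ in range(samples):
        k = nonce_fn(secrets.token_bytes(32), secrets.token_bytes(16))
        if k >= threshold:
            hits += 1
    return hits


def looks_biased(nonce_fn, samples: int = 200, top_bits: int = 9) -> bool:
    """True when the high bits never appear, i.e. the structure a lattice
    (hidden-number-problem) attack on ECDSA nonces exploits."""
    return count_nonces_with_high_bits(nonce_fn, samples, top_bits) == 0


if __name__ == "__main__":
    for name, fn in (("single SHA-512 mod n", biased_nonce),
                     ("1024-bit oversample mod n", unbiased_nonce)):
        hits = count_nonces_with_high_bits(fn, 200)
        print(f"{name}: {hits}/200 nonces use the top 9 bits -> "
              f"{'BIASED' if hits == 0 else 'ok'}")
```

The check is cheap because the symptom is so blatant: with 200 nonces, a uniform derivation leaves the top 9 bits all-zero about 0.2% of the time, so a run in which they are never set is not noise. A constant 9-bit bias of this kind is the textbook input for a lattice attack on ECDSA, which recovers the private key from a few dozen signatures, which is why this is the first thing to look for whenever a curve's order is wider than the hash feeding the nonce.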