Putty / Pageant vulnerability - NIST P521 private keys are exposed by biased signature generation

[numericOverflow]

Does Keeagent have this vulnerability?

NIST P521 private keys are exposed by biased signature generation.

https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

Summary: NIST P521 private keys are exposed by biased signature generation class: vulnerability: This is a security vulnerability. priority: high: This should be fixed in the next release. absent-in: 0.67 present-in: 0.68 0.69 0.70 0.71 0.72 0.73 0.74 0.75 0.76 0.77 0.78 0.79 0.80 fixed-in: c193fe9848f50a88a4089aac647fecc31ae96d27 (0.81)

Every version of the PuTTY tools from 0.68 to 0.80 inclusive has a critical vulnerability in the code that generates signatures from ECDSA private keys which use the NIST P521 curve. (PuTTY, or Pageant, generates a signature from a key when using it to authenticate you to an SSH server.)

This vulnerability has been assigned CVE-2024-31497. It was discovered by Fabian Bäumer and Marcus Brinkmann of the Ruhr University Bochum; see their write-up on the oss-security mailing list.

[dlech]

No, it does not appear so. When using KeeAgent in "agent" mode, KeeAgent is using the RandomDsaKCalculator class from the BouncyCastle crypto library to generate the k value when signing requests using an ECDSA key. It is not using any code from PuTTY/Pagent for this.

KeeAgent can be used in "client" mode where an affected version Pageant can be used as the SSH agent. But signing requests are not going through KeeAgent in this case, but directly to Pagent. So users of KeeAgent could be affected in this way, but only Pagent needs to be updated in this case.

[numericOverflow]

Awesome, I was hoping that would be the case!