Tim Keller via WLUG <wlug@lists.wlug.org> writes:
Putty just announced that versions earlier than 0.80 were generating ecdsa-sha2-nistp521 that were flawed..
If you have any of these keys lying around, destroy them and regenerate keys.
I had never heard of Putty, but this sounded dire. There are many things that I never heard of that are installed by my Linux distribution (Debian) and are essential for it's operation. Do I have putty keys lying around? I Google search reveals that this question has been asked by many other people and answered by many more people who have no idea what they are talking about. My current best guess is that PuTTy is a MeSs-Windows implementation of the ssh protocol that has been ported to Linux, for no good reason since the ssh program works better. Therefore I plan to ignore this dire warning. Does anybody think I am mistaken? -- Keith PS: In any case, this particular "security vulnerability" seems like it might be something to worry about iff you work for the CIA and think that the KGB may be spending mega-$ and years of work to steal your secrets. Nobody wants to steal my secrets. I am more worried that some random thug might break a window and steal my computer.