Tim Keller via WLUG <wlug@lists.wlug.org> writes:

> Putty just announced that versions earlier than 0.80 were generating
> ecdsa-sha2-nistp521 that were flawed..
>
> If you have any of these keys lying around, destroy them and regenerate keys.

I had never heard of Putty, but this sounded dire.  There are many
things that I never heard of that are installed by my Linux distribution
(Debian) and are essential for it's operation.  Do I have putty keys
lying around?

I Google search reveals that this question has been asked by many other
people and answered by many more people who have no idea what they are
talking about.

My current best guess is that PuTTy is a MeSs-Windows implementation of
the ssh protocol that has been ported to Linux, for no good reason since
the ssh program works better.

Therefore I plan to ignore this dire warning.

Does anybody think I am mistaken?

   -- Keith

PS: In any case, this particular "security vulnerability" seems like it
might be something to worry about iff you work for the CIA and think
that the KGB may be spending mega-$ and years of work to steal your
secrets.  Nobody wants to steal my secrets.  I am more worried that some
random thug might break a window and steal my computer.
_______________________________________________
WLUG mailing list -- wlug@lists.wlug.org
To unsubscribe send an email to wlug-leave@lists.wlug.org
Create Account: https://wlug.mailman3.com/accounts/signup/
Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/6RYVLLAPIW5DGR7J73UUPYDKEXEXF7SO/