Crazy Crypto: Meet CVE-2024-31497
Straight from the School of Cook Your Own Crypto
I review a good deal of cryptography code, and most of the code I observe has some form of vulnerability in its usage, usually through sloppy implementation. For some reason, some of those who write cryptography programs struggle to understand that the methods they use are “Hazmat” (Hazardous Material) [here], and that a single fault can bring down a whole system.
And so now we see CVE-2024-31497 [here], which affects PuTTY 0.69 to 0.81 [here]. The vulnerability affects NIST P-521 private keys, which can be revealed from just 60 digital signatures. NIST P-521 uses the secp521r1 curve and should be one of the most secure signature methods [here]:
ECDSA uses a nonce value (k) to create a signature: we take a hash of the message and the nonce value, and then create the signature (r,s) using the private key. The signature is then verified with the associated public key: