PuTTY vulnerability vuln-p521-bias
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html [www.chiark.greenend.org.uk]
2024-04-15 20:42
In all of those cases except P521, the bias introduced by reducing a 512-bit number mod q is negligible. But in the case of P521, where q has 521 bits (i.e. more than 512), reducing a 512-bit number mod q has no effect at all – you get a value of k whose top 9 bits are always zero.
CVE-2024-31497