Debian Bug report logs -
#661152
puttygen 2048 bit rsa keys have 2047 bit fingerprints
Reported by: "Karl O. Pinc" <kop@meme.com>
Date: Fri, 24 Feb 2012 15:39:01 UTC
Severity: normal
Tags: upstream
Found in version putty/0.60+2010-02-20-1
Fixed in version putty/0.62-6
Done: Colin Watson <cjwatson@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>:
Bug#661152; Package putty.
(Fri, 24 Feb 2012 15:39:06 GMT)
Acknowledgement sent
to "Karl O. Pinc" <kop@meme.com>:
New Bug report received and forwarded. Copy sent to Colin Watson <cjwatson@debian.org>.
(Fri, 24 Feb 2012 15:39:09 GMT)
Message #5 received at submit@bugs.debian.org:
Package: putty
Version: 0.60+2010-02-20-1
Severity: normal
Tags: upstream
Hi,
When making 2048 bit rsa keys with puttygen about half the time
puttygen reports the key to be 2047 bits in the fingerprint.
I tried this with the putty snapshot putty-0.62-2012-02-24.tar.gz
as well (from http://tartarus.org/~simon/putty-snapshots/putty.tar.gz).
To reproduce do something like:
  for i in 1 2 3 4 5 6 7 8 9 10 ; do
    ../putty-0.62-2012-02-24/puttygen -o foo$i.ppk -C 'some comment' \
      -t rsa -b 2048
    ../putty-0.62-2012-02-24/puttygen foo$i.ppk -l
  done
-- System Information:
Debian Release: 6.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages putty depends on:
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1+squeeze3 FreeType 2 font engine, shared lib
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio
ii libx11-6 2:1.3.3-4 X11 client-side library
ii putty-tools 0.60+2010-02-20-1 command-line tools for SSH, SCP, a
putty recommends no packages.
Versions of packages putty suggests:
pn putty-doc <none> (no description available)
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Colin Watson <cjwatson@debian.org>:
Bug#661152; Package putty.
(Fri, 24 Feb 2012 15:51:03 GMT)
Acknowledgement sent
to "Karl O. Pinc" <kop@meme.com>:
Extra info received and forwarded to list. Copy sent to Colin Watson <cjwatson@debian.org>.
(Fri, 24 Feb 2012 15:51:03 GMT)
Message #10 received at 661152@bugs.debian.org:
Hi,
Looking at the keys with openssl (after
converting to openssh-private with puttygen)
it seems some of the keys themselves are 2047 bits.
  # Convert each key in the current directory and dump it with openssl
  for f in * ; do
    puttygen "$f" -O private-openssh -o /dev/stdout \
      | openssl rsa -text
  done
Karl <kop@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#661152; Package putty.
(Sun, 04 Mar 2012 16:03:11 GMT)
Acknowledgement sent
to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list.
(Sun, 04 Mar 2012 16:03:11 GMT)
Message #15 received at 661152@bugs.debian.org:
On Fri, Feb 24, 2012 at 09:34:31AM -0600, Karl O. Pinc wrote:
> When making 2048 bit rsa keys with puttygen about half the time
> puttygen reports the key to be 2047 bits in the fingerprint.
http://the.earth.li/~sgtatham/putty/0.62/htmldoc/Chapter8.html#puttygen-strength
"Note that an RSA key is generated by finding two primes of half the
length requested, and then multiplying them together. For example, if
you ask PuTTYgen for a 1024-bit RSA key, it will create two 512-bit
primes and multiply them. The result of this multiplication might be
1024 bits long, or it might be only 1023; so you may not get the exact
length of key you asked for. This is perfectly normal, and you do not
need to worry. The lengths should only ever differ by one, and there is
no perceptible drop in security as a result."
That said, since this frequently confuses users, I might backport the
recent upstream change to ensure that some of the top bits are always
set.
--
Colin Watson [cjwatson@debian.org]
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Sun, 04 Mar 2012 17:09:12 GMT)
Notification sent
to "Karl O. Pinc" <kop@meme.com>:
Bug acknowledged by developer.
(Sun, 04 Mar 2012 17:09:12 GMT)
Message #20 received at 661152-close@bugs.debian.org:
Source: putty
Source-Version: 0.62-6
We believe that the bug you reported is fixed in the latest version of
putty, which is due to be installed in the Debian FTP archive:
pterm_0.62-6_i386.deb
to main/p/putty/pterm_0.62-6_i386.deb
putty-doc_0.62-6_all.deb
to main/p/putty/putty-doc_0.62-6_all.deb
putty-tools_0.62-6_i386.deb
to main/p/putty/putty-tools_0.62-6_i386.deb
putty_0.62-6.debian.tar.gz
to main/p/putty/putty_0.62-6.debian.tar.gz
putty_0.62-6.dsc
to main/p/putty/putty_0.62-6.dsc
putty_0.62-6_i386.deb
to main/p/putty/putty_0.62-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 661152@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated putty package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 04 Mar 2012 16:09:28 +0000
Source: putty
Binary: pterm putty putty-tools putty-doc
Architecture: source i386 all
Version: 0.62-6
Distribution: unstable
Urgency: low
Maintainer: Colin Watson <cjwatson@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
pterm - PuTTY terminal emulator
putty - Telnet/SSH client for X
putty-doc - PuTTY HTML documentation
putty-tools - command-line tools for SSH, SCP, and SFTP
Closes: 661152
Changes:
putty (0.62-6) unstable; urgency=low
.
* Backport from upstream (Simon Tatham, Jacob Nevins):
- Generate keys more carefully, so that when the user asks for an n-bit
key they always get an n-bit number instead of n-1. The latter was
perfectly harmless but kept confusing users (closes: #661152).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 12 Apr 2012 07:38:24 GMT)
Last modified:
Sat Mar 25 17:37:48 2023;