What Is PuTTY? (And What You Need to Know about Elliptic Curve Cryptography)
PuTTY is an open source application that allows you to connect remotely to many different types of systems, over various communication protocols. However, PuTTY is most famously used for SSH connects from Windows systems to Unix-based systems. This application allows you to connect your private SSH keys and enter passphrases for remote connections.
PuTTY has been around since the early 2000s, and nobody is really sure what the name stands for.
So What’s New with PuTTY in 2017?
This age-old adage applies here: “If it ain’t broke, don’t fix it.” PuTTY, being a widely used and open source application, doesn’t really go through a lot of enhancements and upgrades. Most of the changes that are done year over year are security or bug fixes, and keeping up with changes to communication protocols.
Early 2017 saw the availability of PuTTY as a 64-bit client, as well as the support for elliptic curve cryptography. Most other updates thus far in 2017 are focused on security fixes, with the emphasis on DLL hijacking.
So that’s it! Nothing really amazing to capture here with such a well-built and commonly used application. However, I thought I’d spend a little time talking about elliptic-curve cryptography, because, why not?
What Is Elliptic Curve Cryptography?
Elliptic Curve cryptography is another, more recently developed form of public-key cryptography. Cryptography–specifically, public-key cryptography–is generally based on some type of mathematically impossible challenge. For example, the typical RSA public/private keypairs are based on two very large prime numbers that are nearly impossible to factor without a lot of computing power and lot of time. Elliptic Curve is another form of a mathematical challenge that is even more difficult to solve, based on “finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point”.
NIST approves and recommends the use of elliptic curve cryptography.
One of the main advantages? It’s reportedly more secure than the Prime number cryptography, with smaller key sizes, thus allowing for faster encryption/decryption.
RJ Gazarekhas nearly 10 years of experience in Marketing from government contracting to cybersecurity. While most of his career was focused on demand generation for small business, he’s recently found a thrill in bringing a structured Product Marketing program to a high velocity organization. With a background in IT and a degree in Psychology, RJ is able to help accelerate product initiatives at Thycotic that center on understanding what our customers need and how to help provide them with the tools that protect them from catastrophic data breaches.
This guest blog is part of a Channel Futures sponsorship.