@simontatham did you mean a 512-bit key?
@jalcine no, 521 is right! NIST elliptic curve keys come in three fixed sizes, and one of them _isn't_ the obvious power of 2. In fact, the difference between 521 and 512 is exactly the cause of the problem – those 9 extra bits are the amount of information that PuTTY was accidentally leaking about the private key per signature.
@jalcine it's correct as written, but it's easy to mistake it for a typo if you're expecting powers of 2 (as with key lengths for non-elliptic-curve cryptography)