@jalcine no, 521 is right! NIST elliptic curve keys come in three fixed sizes, and one of them _isn't_ the obvious power of 2.

In fact, the difference between 521 and 512 is exactly the cause of the problem – those 9 extra bits are the amount of information that PuTTY was accidentally leaking about the private key per signature.
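The 9-bit gap described above, as an added illustration (not part of the original post, and not PuTTY's code). It assumes, as a model, a per-signature nonce taken from a 512-bit SHA-512 output and reduced modulo the 521-bit P-521 group order, then measures how many leading bits never vary; the function names and seeds are constructed for the example.

```python
import hashlib
import secrets

# Group order n of NIST P-521 (FIPS 186-4). It is 521 bits long.
P521_N = int(
    "1" + "F" * 65 + "A"
    + "51868783BF2F966B7FCC0148F709A5D0"
    + "3BB5C9B8899C47AEBB6FB71E91386409",
    16,
)


def nonce_from_sha512(seed: bytes) -> int:
    """Modelled flaw (assumption): a 512-bit digest reduced mod a 521-bit order.

    The digest is always below 2**512 < n, so the reduction changes nothing
    and the top 521 - 512 = 9 bits of the nonce are zero every time.
    """
    return int.from_bytes(hashlib.sha512(seed).digest(), "big") % P521_N


def nonce_uniform() -> int:
    """Reference behaviour: a nonce drawn uniformly from [1, n-1]."""
    return secrets.randbelow(P521_N - 1) + 1


def fixed_top_bits(nonces, order: int = P521_N) -> int:
    """Count leading bits (relative to the order's width) that are zero in
    every nonce. A healthy generator gives 0 over any sizeable sample."""
    width = order.bit_length()
    return width - max(k.bit_length() for k in nonces)


def sample_biased(count: int = 2000):
    # Constructed seeds standing in for per-signature inputs.
    return [nonce_from_sha512(i.to_bytes(4, "big")) for i in range(count)]


def sample_uniform(count: int = 2000):
    return [nonce_uniform() for _ in range(count)]


if __name__ == "__main__":
    print("order width       :", P521_N.bit_length())
    print("fixed bits, SHA512:", fixed_top_bits(sample_biased()))
    print("fixed bits, unif. :", fixed_top_bits(sample_uniform()))
```

The same `fixed_top_bits` check works as a regression test for any nonce generator: feed it a few thousand outputs and fail the build if the result is not 0.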