I am wondering how PuTTY stacks up against other SSH implementations with respec

Question

I am wondering how PuTTY stacks up against other SSH implementations with respect to scrutiny and security of its SSH2 protocol implementation.

PuTTY is probably the most-used SSH client on the Windows platform, so its importance cannot be understated.

I am aware that there have been several very crafty attacks in past years against SSL/TLS implementations (and, also, against the protocols themselves, but that is another issue).

In that light, I wonder if anyone has done work to validate/break SSH clients on the Windows platform and whether PuTTY fares well.

Explanation / Answer

Putty being open-source, there have been a number of informal security audits, some resulting in vulnerability reports and patches.

There may have also been some formal security audits commissioned by users of the product. Some searching revealed a bit of unverifiable evidence of such, but most importantly:

Simon doesn't advertise or reference any official audit of his code. Any audits done were done by a private party, for a private party, and may not have been scoped in such a way as to be applicable to your circumstances.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.