I did a bit of a deep dive into this, in case anyone is interested. I think reading the code is a great way to understand _why_ this vulnerability happened:
Your title says "PuTTY-Generated" but the OP article says "The problem is not with how the key was originally generated; it doesn't matter whether it came from PuTTYgen or somewhere else. What matters is whether it was ever used with PuTTY or Pageant".
The answer being, per that post: the author was worried about low-quality randomness on Windows and ran it through a SHA-512 hash function, which outputs fewer than 521 bits, so the remaining ones will be left zero.
Elucalidavah|1 year ago
e79|1 year ago
Any k generation and subsequent signature generation are going to be impacted.
Aachen|1 year ago
e79|1 year ago
ki85squared|1 year ago
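The effect described in this thread, as an added example that is not part of any comment and is not PuTTY's code: a simplified model in which the nonce k is a single SHA-512 digest, audited for top bits that are never set. The function names, the seed strings and the use of `2**521` as a stand-in for the P-521 group order are assumptions made for illustration.

```python
import hashlib
import secrets

# The P-521 group order is a 521-bit prime just below 2**521, so a sound
# nonce generator must be able to produce values that use all 521 bits.
ORDER_BITS = 521


def sha512_nonce(seed: bytes) -> int:
    """Simplified model of the flaw: k is one SHA-512 digest (512 bits).

    A 512-bit value is already smaller than any 521-bit modulus, so
    reducing it mod the group order would change nothing.
    """
    return int.from_bytes(hashlib.sha512(seed).digest(), "big")


def uniform_nonce(_seed: bytes) -> int:
    """Reference generator: uniform over 1 .. 2**521 - 1 (assumed stand-in
    for the real range 1 .. n-1, where n is the group order)."""
    return secrets.randbelow(2**ORDER_BITS - 1) + 1


def audit_nonce_generator(gen, samples: int = 2000) -> dict:
    """OR all sampled nonces together; a bit that stays 0 was never set."""
    seen = 0
    for i in range(samples):
        seen |= gen(b"constructed-sample-%d" % i)  # constructed inputs
    return {
        "max_bits": seen.bit_length(),
        "fixed_zero_top_bits": ORDER_BITS - seen.bit_length(),
    }


if __name__ == "__main__":
    print("sha512 :", audit_nonce_generator(sha512_nonce))
    print("uniform:", audit_nonce_generator(uniform_nonce))
```

The same audit can be pointed at any nonce routine in a test suite: a non-zero `fixed_zero_top_bits` for a curve whose order is wider than the hash output is the bias discussed above.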