PuTTY 0.68 is released

Simon Tatham anakin at pobox.com
Tue Feb 21 18:59:10 GMT 2017

PuTTY version 0.68 is released

All the pre-built binaries, and the source code, are now available
from the PuTTY website at


This is mostly a feature update, but it also includes security fixes:

 - Fixed a security vulnerability in the agent forwarding code. An
   agent forwarding client could overwrite PuTTY's memory by sending a
   particular kind of illegally formatted message. However, that is
   less worrying than it sounds, because if a hostile client can
   access your agent forwarding then you have other problems anyway!

 - Fixed the widespread DLL hijacking issue seen in many Windows
   programs. PuTTY should no longer accidentally load DLLs with
   special names like 'ntmarta.dll' if they are in the same directory
   as its executable file.

 - Enabled some system security features in Windows PuTTY: Address
   Space Layout Randomisation and Data Execution Prevention.

If any of those concerns you, you should upgrade as soon as possible.

We have also turned *off* (by default) the previous security feature
in which Windows PuTTY restricted its process ACL to make it harder
for malware to inject code into a running PuTTY. This feature was
causing too much assorted trouble with legitimate processes trying to
interoperate with PuTTY, ranging from screen reader software such as
NVDA to programs using Plink as a transport such as TortoiseGit. So
it's now off by default, but you can re-enable it using the
command-line option '-restrict-acl'.

That's enough about security. We also have lots of new features in
PuTTY 0.68:

 - Support for elliptic-curve cryptography. PuTTY now supports public
   and private keys using the Ed25519 signature algorithm, and also
   the ECDSA algorithm using the three standard NIST curves. These
   keys are supported for both user authentication and as host keys.
   Also, elliptic-curve key exchange with both sets of curves is
   supported (called 'Curve25519' and 'ECDH' respectively).

 - PuTTYgen can now import and export keys in OpenSSH's newer file
   format. (This is necessary for elliptic curve keys, but older key
   algorithms like RSA are sometimes stored in the new format too.)

 - When connecting to a server, PuTTY will now automatically prefer to
   use a host key it already knows. But once you're connected, it also
   has a new option to download the server's other host keys securely
   over its existing connection and add them to its database so it can
   use them next time. So if you want to upgrade to using elliptic-
   curve keys for your existing servers, you can do that, and if you
   don't care, then PuTTY shouldn't bother you about it.

 - Windows: we are now offering a 64-bit version of PuTTY! This is
   less well tested (so far), but it does its cryptography faster
   during connection setup, and it can also load 64-bit DLLs if you
   need that for some reason (e.g. GSSAPI).

 - Unix: the Unix GUI tools can now be built with GTK version 3, which
   offers improved font rendering and better support for precise
   trackpad scrolling.

 - Unix: we now have a Unix version of Pageant.

Enjoy using PuTTY!


for k in [pow(x,37,0x1a1298d262b49c895d47f) for x in [0x50deb914257022de7fff,
0x213558f2215127d5a2d1, 0x90c99e86d08b91218630, 0x109f3d0cfbf640c0beee7,
0xc83e01379a5fbec5fdd1, 0x19d3d70a8d567e388600e, 0x534e2f6e8a4a33155123]]:
 print "".join([chr(32+3*((k>>x)&1))for x in range(79)]) # <anakin at pobox.com>

More information about the PuTTY-announce mailing list