There are fewer than 2^273 atoms (i.e. a 273-bit number) in the universe; but if your ECDSA crypto algorithm demands 521 bits of random data yet you supply a mere 512 bits…

Numbers in cryptography are far beyond “astronomical”, but it’s still so easy to make a mess by trying to shortcut them. It appears (?) that the PuTTY SSH client short-changed the ECDSA signature algorithm by 9 bits of entropy (viz: it reduced the desired random, entropic space to 1/512th of its expected size) — aaaaand chaos ensued.

Oops.
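To make the 9-bit shortfall concrete, here is an added example (not PuTTY's code and not from the linked post) that builds P-521 nonces from only 512 bits and shows the top 9 bits are always zero, next to a uniformly drawn nonce and a check you could run against your own nonce generator in a unit test. It assumes the 512 bits come from a single SHA-512 digest; the function names and the seed are hypothetical.

```python
import hashlib
import secrets

# Order n of the NIST P-521 base point: a 521-bit number.
N_P521 = int(
    "01FF" + "FFFFFFFF" * 7 + "FFFFFFFA"
    "51868783BF2F966B7FCC0148F709A5D0"
    "3BB5C9B8899C47AEBB6FB71E91386409",
    16,
)


def short_nonce(seed: bytes, message: bytes) -> int:
    """Weak: only 512 bits of material (one SHA-512 digest), reduced mod n.

    The digest is below 2**512, which is below n, so the reduction changes
    nothing and bits 512..520 of the nonce can never be set.
    """
    digest = hashlib.sha512(seed + message).digest()
    return int.from_bytes(digest, "big") % N_P521


def uniform_nonce() -> int:
    """Sound: uniform over [1, n-1], drawn from the OS CSPRNG."""
    return secrets.randbelow(N_P521 - 1) + 1


def top9(k: int) -> int:
    """The 9 most significant bits of a 521-bit value (bits 512..520)."""
    return k >> 512


def looks_truncated(nonces) -> bool:
    """True when every nonce in a non-empty sample has its top 9 bits clear."""
    sample = list(nonces)
    return bool(sample) and all(top9(k) == 0 for k in sample)


def demo():
    seed = b"constructed-seed-not-a-real-key"  # constructed sample input
    weak = [short_nonce(seed, b"msg %d" % i) for i in range(64)]
    good = [uniform_nonce() for _ in range(64)]
    return looks_truncated(weak), looks_truncated(good)


if __name__ == "__main__":
    print(demo())
```

A uniform nonce has clear top 9 bits only about once in 512 draws, so 64 in a row is a reliable sign that the generator is feeding the curve fewer bits than its order requires.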

Via: https://infosec.exchange/@tqbf/112277259036150138
