[ GLSA 201206-23 ] PyCrypto: Weak key generation

GLSA · Advocate Joined: 12 May 2004 Posts: 2663

Gentoo Linux Security Advisory

Title: PyCrypto: Weak key generation (GLSA 201206-23)
Severity: normal
Exploitable: remote
Date: June 24, 2012
Bug(s): #417625
ID: 201206-23

Synopsis

PyCrypto generates weak ElGamal keys.

Background

PyCrypto is the Python Cryptography Toolkit.

Affected Packages

Package: dev-python/pycrypto
Vulnerable: < 2.6
Unaffected: >= 2.6
Architectures: All supported architectures

Description

An error in the generate() function in ElGamal.py causes PyCrypto to
generate weak ElGamal keys.

Impact

A remote attacker might be able to derive private keys.

Workaround

There is no known workaround at this time.

Resolution

All PyCrypto users should upgrade to the latest version: