Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

Related bugs and status

CVE-2012-2417 (Candidate) is related to these bugs:

Bug #985164: ElGamal key generation is broken

Summary				In	Importance	Status
	985164	ElGamal key generation is broken		Python-Crypto	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012052...
MISC: https://bugs.launchpad...
MISC: https://github.com/Leg...
CONFIRM: https://github.com/dli...
FEDORA: FEDORA-2012-8392
FEDORA: FEDORA-2012-8470
FEDORA: FEDORA-2012-8490
BID: 53687
OSVDB: 82279
SECUNIA: 49263
SUSE: openSUSE-SU-2012:0830
DEBIAN: DSA-2502
MANDRIVA: MDVSA-2012:117
XF: pycrypto-keys-weak-sec...