Comment 8 for bug 985164

Mike Doherty (doherty) wrote :

How can the user know whether they have an ElGamal key generated by the vulnerable versions of PyCrypto? For example, it is not stated in USN-1484-1 whether this library is used by Seahorse. The security notice also did not specify that users should replace the potentially-vulnerable keys. Even more disappointing, the notice states that "The problem can be corrected by updating your system..." Well, the software may be fixed, but the potentially-insecure keys are not magically made more secure by upgrading PyCrypto.