The Python implementation of DSA signing improperly called
random.randint(), which is not a cryptographically strong source of
randomness. These bits were used to generate the 'k' parameter in DSA
signed messages. Predictable 'k' values used in signed messages could
potentially leak private signing keys.
This issue has been addressed by changing the signing code to call
Python users should update to the latest version:
Key generation is not affected by this issue. Random bytes were either
generated using PyCrypto's RandomPool or through PyCrypto's asymmetric
I'd like to invite comments here on random number generation in
Python. I have not looked closely at random.SystemRandom() or
PyCrypto's RandomPool. If there are outstanding issues or suggestions,
please share them.