lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data . The Decisional Diffie-Hellman assumption does not hold for PyCrypto"s ElGamal implementation.