Code and Cipher, published quarterly by Certicom Corp., is an educational newsletter that covers the security and cryptography industry. In each issue we will examine security issues and cryptography trends in an objective manner. We welcome your thoughts, opinions and comments on anything that affects the industry. Please send your feedback on this issue and what you’d like to see in upcoming ones to: codeandcipher@certicom.com.

Klima, Pokorny and Rosa discovered a weakness in the RSA-based SSL/TLS protocol that highlights the vulnerability of web servers that use OpenSSL. In fact, practical tests showed that two-thirds of randomly chosen SSL/TLS web servers were vulnerable to compromise.

William Tutte: A Tribute

A world-renowned mathematician, Tutte played a key role in breaking Fish, a series of German military codes for encrypting communications. His work, no easy feat, has been hailed as "the greatest intellectual feat of the whole war." Learn more about his inspiring work as a master codebreaker.

  • Proos Cracks NTRU
  • Validation for Elliptic Curve Public Keys
  • Factoring for 1024 bit RSA keys

Are current public key sizes big enough? In this first installment of his column, Scott Vanstone examines concerns that have recently been raised about the security of 1024-bit RSA. New research shows that it is possible to crack 1024-bit RSA in less than a year.

NIST now specifies the Advanced Encryption Standard (AES) as the new standard for symmetric encryption. To ensure strong security, AES must be matched in strength by an equivalent public key algorithm. Not all public key algorithms are created equal, however. This article examines the performance advantages of ECC (Elliptic Curve Cryptography) over other options.