The announcement is here. Following are some details:

Sieving has been done on 80 2.2 GHz Opteron CPUs and took 3 months. The matrix step was performed on a cluster of 80 2.2 GHz Opterons connected via a Gigabit network and took about 1.5 months.
Calendar time for the factorization (without polynomial selection) was 5 months.

As usual nowadays, the factoring was done using the

General Number Field Sieve, the best description of which can be found in

this article by Carl Pomerance (note that some knowledge of algebraic number theory is required); prior to the discovery of the GNFS, the

Quadratic Sieve was the fastest known factoring method (and a heck of a lot better than ye olde

Sieve of Eratosthenes).

What are the security implications of this announcement? That RSA-640 took a mere 80 Opteron machines and less than 2 months to crack says to me that no RSA-key with a length of 768 bits or less is worth anything against any security agencies worth a damn, and even 1024-bit keys don't offer more than illusory security where the likes of the NSA or GCHQ are concerned - for one thing, they probably know faster ways of attacking the problem than have been published, and the NSA in particular has a lavish enough budget to pay for some truly incredible hardware. Any outfit which hasn't already moved to using 2048-bit or longer keys and isn't in the process of doing so is simply being stupid.

PS: Here are the rest of the RSA challenge numbers.

[Via Slashdot.]

## Recent Comments