The RSA cryptosystem is very widely used. A particularly visible application is to protect and authenticate e-commerce transactions and it has been estimated that about 95% of all web-based e-commerce uses 512-bit RSA keys. As the security of RSA is no better than the difficulty of factoring a key's public modulus, progress in integer factorisation directly measures the security of RSA keys of any particular size.
In this talk, I describe how a fairly small team performed the first hard 512-bit integer factorisation using an improved version of the General Number Field Sieve. We conclude that 512-bit RSA keys are already vulnerable to small teams of dedicated attackers and expect that within two or three years the technology to break them will be widely available.