...more recent posts
There's no doubt that I don't know enough to judge this one, but if it's true...
Holy shit. The math works. Bernstein has found ways of using additional hardware to eliminate redundancies and inefficiencies which appear in any linear implementation of the Number Field Sieve. We just never noticed that they were inefficiencies and redundancies because we kept thinking in terms of linear implementations. This is probably the biggest news in crypto in the last decade. I'm astonished that it hasn't been louder.Here's the top ranked replies in the slashdot thread. (I don't pay too close attention, but I'm pretty sure this is an unusually high ratio of +5 posts - 21 out of 423.)
Note that there have been rumors of an RSA cracker built by a three-letter agency in custom silicon before this, but until analyzing Bernstein's paper I had always dismissed them as ridiculous paranoid fantasies. Now it looks like such a device is entirely feasible and, in fact, likely.