<P> In 2009, Benjamin Moody factored an RSA - 512 bit key in 73 days using only public software (GGNFS) and his desktop computer (a dual - core Athlon64 with a 1,900 MHz cpu .). Just less than five gigabytes of disk storage was required and about 2.5 gigabytes of RAM for the sieving process . The first RSA - 512 factorization in 1999 required the equivalent of 8,400 MIPS years, over an elapsed time of about seven months . </P> <P> Rivest, Shamir, and Adleman noted that Miller has shown that--assuming the truth of the Extended Riemann Hypothesis--finding d from n and e is as hard as factoring n into p and q (up to a polynomial time difference). However, Rivest, Shamir, and Adleman noted, in section IX / D of their paper, that they had not found a proof that inverting RSA is equally as hard as factoring . </P> <P> As of 2010, the largest factored RSA number was 768 bits long (232 decimal digits, see RSA - 768). Its factorization, by a state - of - the - art distributed implementation, took around fifteen hundred CPU years (two years of real time, on many hundreds of computers). No larger RSA key is known publicly to have been factored . In practice, RSA keys are typically 1024 to 4096 bits long . Some experts believe that 1024 - bit keys may become breakable in the near future or may already be breakable by a sufficiently well - funded attacker, though this is disputable . Few people see any way that 4096 - bit keys could be broken in the foreseeable future . Therefore, it is generally presumed that RSA is secure if n is sufficiently large . If n is 300 bits or shorter, it can be factored in a few hours in a personal computer, using software already freely available . Keys of 512 bits have been shown to be practically breakable in 1999 when RSA - 155 was factored by using several hundred computers, and these are now factored in a few weeks using common hardware . Exploits using 512 - bit code - signing certificates that may have been factored were reported in 2011 . A theoretical hardware device named TWIRL and described by Shamir and Tromer in 2003 called into question the security of 1024 bit keys . It is currently recommended that n be at least 2048 bits long . </P> <P> In 1994, Peter Shor showed that a quantum computer--if one could ever be practically created for the purpose--would be able to factor in polynomial time, breaking RSA; see Shor's algorithm . </P>

Generate public and private keys using rsa algorithm