The strength of the encryption used now to protect banking and e-commerce transactions on many Web sites may not be effective in as few as five years, a cryptography expert has warned after a new distributing key-cracking achievement.

Arjen Lenstra, a cryptology professor at the Ecole Polytechnique Fédérale de Lausanne (EPFL) in Switzerland, said the distributed computation project, conducted over 11 months, achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key, so it doesn't mean transactions are at risk - yet.

But "it is good advanced warning" of the coming dusk of 1024-bit RSA encryption, widely used now for Internet commerce, as computers and mathematical techniques become more powerful, Lenstra said.

The RSA encryption algorithm uses a system of public and private keys to encrypt and decrypt messages. The public key is calculated by multiplying two very large prime numbers. By identifying the two prime numbers used to create someone's public key, it's possible to calculate that person's private key and decrypt messages. But determining the prime numbers that make up a huge integer is nearly impossible without lots of computers and lots of time.

Computer science researchers, however, have plenty of both.

Using between 300 and 400 off-the-shelf laptop and desktop computers at EPFL, the University of Bonn and Nippon Telegraph and Telephone Corp. in Japan, researchers factored a 307-digit number into two prime numbers.

Lenstra said they carefully selected a 307-digit number whose properties would make it easier to factor than other large numbers: that number was 2 to the 1039th power minus 1.

Still, the calculations took 11 months, with the computers using special mathematical formulas created by researchers to calculate the prime numbers, Lenstra said.

Even with all that work, the researchers would only be able to read a message encrypted with a key made from the 307-digit number they factored. But systems using the RSA encryption algorithm assign different keys to each user, and to break those keys, the process of calculating prime numbers would have to be repeated.

The ability to calculate the prime number components of the current RSA 1024-bit public keys remains five to 10 years away, Lenstra said. Those numbers are typically generated by multiplying two prime numbers with around 150 digits each and are harder to factor than Lenstra's 307-digit number.

The next target for Lenstra is factoring RSA 768-bit and eventually 1024-bit numbers. But even before those milestones are met, Web sites should be looking toward stronger encryption than RSA 1024-bit.

"It is about time to change," Lenstra said.