Link. (Via @martinstieger.) The best explanation of factor-based cryptography I’ve read. No mention of NSA btw. "it would be a colossal fluke to see even one duplicated RSA prime, and finding 64,000 of them is clear evidence that those primes are not being chosen uniformly at random."