Thanks for the info! For busy readers, I suggest reading section 6.3
"Lessons". I will try to give a short summary (quote + paraphrase) of section
1. 1024-bit primes should be considered insecure for cryptosystems based on
the difficulty of computing discrete log.
2. Trapdoor for a 2048-bit key is roughly equivalent to computation for a
1340-bit key. This is safe for NOW, but the authors raise concern that these
keys are likely to remain in wide use in the future, suggesting standardized
primes should be publish with their seeds.
3. Dismissing the risk of trapdoored primes in the 90s appears to be a
mistake, publishing the seed should be a requirement rather than optional.
Finally, I am studying elementary number theory right now. It is interesting
to see how it is used!