Minimal key lengths for symmetric ciphers for commercial security
[14 February 1996]
The Business Software Alliance, an industry organization devoted to
preventing software piracy, hired Matt Blaze, Whitfield Diffie, Ron L.
Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson and Michael
Wiener to provide an estimate of the key lengths needed to protect
commercial information under symmetric ciphers. The group's answers?
"keys used to protect data today should be at least 75 bits long.
To protect information adequately for the next 20 years in the face of
expected advances in computing power, keys in newly-deployed systems
should be at least 90 bits long." The full report (apparently the
product of a one-day meeting of the group in Chicago on November 20)
is available at: