@Misc{BDRSx96,
  author = 	 { Matt Blaze and Whitfield Diffie and Ronald L. Rivest and Bruce Schneier 
                   and Tsutomu Shinomura and Eric Thompson and Michael Wiener
                 },
  title = 	 { Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security },
  howpublished = { Released by the Business Software Alliance (January 1996). },
  date =         { 1996-01 },                  
  OPTmonth = 	 { January },
  OPTyear = 	 { 1996 },
  abstract =     {
        Encryption plays an essential role in protecting the privacy of electronic information against
        threats from a variety of potential attackers. In so doing, modern cryptography employs a 
        combination of conventional or symmetric cryptographic systems for encrypting data and 
        \emph{public key} or \emph{asymmetric} systems for managing the \emph{keys} used by the
        symmetric systems.  Assessing the strength required of the symmetric cryptographic systems
        is therefore an essential step in employing cryptography for computer and communication security. \par
        Technology readily available today (late 1995) makes \emph{brute-force} attacks against
        cryptographic systems considered adequate for the past several years both fast and cheap.
        General purpose computers can be used, but a much more efficient approach is to employ
        commercially available Field Programmable Gate Array (FPGA) technology. For attackers
        prepared to make a higher initial investment, custom-made, special-purpose chips make such
        calculations much faster and significantly lower the amortized cost per solution. \par
        As a result, cryptosystems with 40-bit keys offer virtually no protection at this point against
        brute-force attacks. Even the U.S. Data Encryption Standard with 56-bit keys is increasingly
        inadequate. As cryptosystems often succumb to `smarter' attacks than brute-force key search,
        it is also important to remember that the keylengths discussed here are the minimum needed for
        security against the computational threats considered. \par
        Fortunately, the cost of very strong encryption is not significantly greater than that of weak
        encryption. Therefore, to provide adequate protection against the most serious threats --- 
        well-funded commercial enterprises or government intelligence agencies --- keys used to
        protect data today should be at least 75 bits long. To protect information adequately
        for the next 20 years in the face of expected advances in computing power, keys in
        newly-deployed systems should be at least 90 bits long.
                 },                  
}