Minimal key lengths for symmetric ciphers to provide adequate commercial security, www.bsa.org/policy/encryption/ cryptographers c.html (1996)

by M Blaze, W Diffie, R L Rivest, B Schneier, T Shimomura, E Thompson, M Wiener