Minimal key lengths for symmetric ciphers to provide adequate commercial security (1996)

by M Blaze, W Di±e, R L Rivest, B Schneier, T Shimomura, E Thompson, M Wiener