Minimal key lengths for symmetric ciphers for commercial security

[14 February 1996] The Business Software Alliance, an industry organization devoted to preventing software piracy, hired Matt Blaze, Whitfield Diffie, Ron L. Rivest, Bruce Schneier, Tsutomu Shimomura, Eric Thompson and Michael Wiener to provide an estimate of the key lengths needed to protect commercial information under symmetric ciphers. The group's answers? "keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years in the face of expected advances in computing power, keys in newly-deployed systems should be at least 90 bits long." The full report (apparently the product of a one-day meeting of the group in Chicago on November 20) is available at: [http://www.bsa.org/bsa/cryptologists.html]