Methods and apparatuses for managing tables of security associations (SA) are described. A device driver operating in an environment, for example, NDIS, where a unique handle is selected for each transmit SA and the SPI for each receive SA is selected with a random algorithm, divides transmit SAs from receive SAs in separate tables. An SA lookup table having a whole binary number of entries that is the lowest binary number greater than five times the number of SAs supported by the device driver contains information to match an SA to a data packet, and locate the SA in memory. The lookup table is searched using a bit-wise AND hash function.