I find it EXTREMELY hard to believe that single DES isn't good enough for
any purpose other than protecting national security. If you are a terrorist,
conspirator, or hard-core criminal, you would be better off using something
that wouldn't draw so much attention to you in any case.
It depends on how long you expect your encrypted messages to lie around.
I would argue that DES as it stands today is not suitable for data that
needs to be protected over 2 or 3 years even against modest adversaries.
(Letting those DEC alphas run at night can be pretty effective!)
Perhaps so, but not for cracking DES. Under the most optimistic of
assumptions,
one can expect an average search time of over 1000 years with an alpha
(2000-4000 years is more realistic). Putting together a network of a thousand
of them to do it in a year is not unthinkable (there would be one happy
salesman!), but would be difficult to do so covertly and in any case would not
be a "modest adversary".
Software based attacks on DES may be a realistic threat if you look 10-20 years
out, but for now it's a hardware hackers game.
--charlie
(kaufman(_at_)zk3(_dot_)dec(_dot_)com)