(I tried posting on this a couple of days ago, but I never saw the message. Apologies if this is a rehash.) Kent Borg makes a good point that our 128-bit IDEA keys are generated by pass phrases of typically a few dozen bits. He suggests doing things to slow down the process of turning a pass phrase into a key, perhaps by iterating MD5 multiple times. A similar thing is done in the SecureDrive software as well as in RSA's Public Key Cryptography Standards (PKCS). The problem is that this doesn't help all that much. If you slow down the process by, say, a factor of 1000, that is about equivalent to adding 10 bits of entropy to the pass phrase (either way would slow down the searcher by that much). 10 bits is perhaps nothing to sneeze at but it doesn't really solve the problem. I suspect that Kent is right that most pass phrases don't have over 50 or 60 bits of entropy, far below the 128 bits of protection that we like to think IDEA is giving us. Hal