I've talked to Martin Hellman quite a few times (he came to my last crypto conference and gave an overview of the field), he has never said that he could crack true DES. When DES first came out, he was one of the people most actively opposing the 56 bit key as being too small. At the time, he estimated that a machine of parallel processors could be built for $10M that would crack DES keys easily. DES at the time was only supposed to be for 10 years and then a new system was supposed to replace it. Today, he advocates for security that you triple-DES your communications/files. At last word (and I may have missed any advancements in the flame wars on sci.crypt), Shamir and Biham had cracked up to 2^^46, thats still quite a ways computationally from 2^^56. Dave