Derek Atkins says:
Breaking IDEA would take a brute force attack (2^128 keys) unless something better comes up.
Its generally unwise to make the assumption that the only possible attack on your conventional scheme is a brute force attack. Certainly the attacks used on many previous generations of cryptosystems were never brute force -- and certainly every generation of naive cryptographer has said "well, using brute force it would take N years to break my cypher". A simple vingenere cypher with a 12 letter key would seem to be very strong indeed (stronger than DES), and yet we know you can break one in a few moments because there are better attacks than brute force. We have suprisingly little in the way of general theory on what would or would not make a conventional cryptosystem strong. Certainly differential cryptanalysis will not be the last thing people come up with. Until we know everything the NSA knows, I will be hesitant to say "unless something better comes up" and more comfortable saying "until something better comes up." Perry