Well, first - I believe DES was designed with 64 bit keys in mind, and then they apparently discovered it to be sensitive to the "sliding attack", ie. differential cryptanalysis...
While longer key indeed offers little protection against attacks like differential cryptanalysis - it's hard to argue that it can blow brute-force attack out of the water... But isn't the idea differential cryptanalysis *can* blow brute-force out of the water if the algorithm is sensitive to it, and the symmetries that could be introduced by 64-bit DES keying might have made it thus sensitive. It isn't just that extra key "offers little protection", it might actually *weaken* the algorithm. (No, I'm not an expert on DES, but I've followed the net, read the FIPS, read Biham-Shamir, and thought about it a bit for myself.) _Mark_