Dave Emery <die@die.com>:
Anybody have any estimate as to how much actual strength this adds to DES ?
You might want to read "The Security of DESX" by Phillip Rogaway in CryptoBytes Vol. 2 Number 2 (Summer 1996) pp 8-11, which is available somewhere on RSADSI's web site <URL:http://www.rsa.com> (possibly <URL:http://www.rsa.com/PUBS/> might be a good starting point) or the underlying research paper "How to protect DES against exhaustive key search" by Kilian and Rogaway in CRYPTO '96: [The] results don't say that it's impossible to build a machine which would break DESX in a reasonable amount of time. But they do imply that such a machine would have to employ some radically new idea: it couldn't be a machine implementing a key-search attack, in the general sense which we've described. (Quoted from the CryptoBytes article.)
How would one break it in a practical cracker machine ?
Maybe not at all; see above.