There's been a lot of talk about how "easy" it is to break DES. As a mental exercise I decided to see just how difficult it would be for me if I really wanted to break a DES key. There are 116 publicly availiable unix workstations here on campus (DEC 3100s). Between 12 am and 8 am, there are rarely more than 50 users on the systems, including remote users. I could probably run processes on 50 of the unused machines for a few hours every night without being too much of a nuisance. Assuming I could try a million DES decryption operations a second on each (gross overestimation), how long would it take to brute force a DES key? Let's suppose for sake of argument that I could get the machines all day: 2^56 keys / 50 cpus / 1,000,000 per second / 60 seconds / 60 minutes / 24 hours = 16680 days = 45.7 years Of course, specially-designed hardware would be much faster.