This article is from the PGP FAQ, by Jeff Licquia firstname.lastname@example.org with numerous contributions by others.
This is one of the first questions that people ask when they are first
introduced to cryptography. They do not understand the size of the
problem. For the IDEA encryption scheme, a 128 bit key is required.
Any one of the 2^128 possible combinations would be legal as a key,
and only that one key would successfully decrypt all message blocks.
Let's say that you had developed a special purpose chip that could try
a billion keys per second. This is FAR beyond anything that could
really be developed today. Let's also say that you could afford to
throw a billion such chips at the problem at the same time. It would
still require over 10,000,000,000,000 years to try all of the possible
128 bit keys. That is something like a thousand times the age of the
known universe! While the speed of computers continues to increase and
their cost decrease at a very rapid pace, it will probably never get
to the point that IDEA could be broken by the brute force attack.
The only type of attack that might succeed is one that tries to solve
the problem from a mathematical standpoint by analyzing the
transformations that take place between plain text blocks, and their
cipher text equivalents. IDEA is still a fairly new algorithm, and
work still needs to be done on it as it relates to complexity theory,
but so far, it appears that there is no algorithm much better suited
to solving an IDEA cipher than the brute force attack, which we have
already shown is unworkable. The nonlinear transformation that takes
place in IDEA puts it in a class of extremely difficult to solve