One convenient fact about brute-force attacks is that it is quite easy to make firm mathematical statements about them. For example, we know, in quite simple terms, that the Data Encryption Standard's (DES) 56-bit key is computationally breakable by brute force on current computers (and especially with distributed networks of current computers). Trying all 2^56 keys only takes on the order of hours, days, or weeks on high-end machines (or on networks of hundreds of more ordinary cooperating machines).

Suppose, pessimistically, that Mallory's TLA (three-letter agency) can break a DES message by brute-force attack on its key in one hour on their supercomputer. Now suppose that Alice decides to start using a DES-like algorithm, but one that has 64-bit keys (DES-like in the sense that performing a test decryption takes about the same amount of time). We know by simple arithmetic that Mallory will now need around 2^8 hours to mount a brute-force attack on the message. So Mallory's TLA needs to expend 10 days of its supercomputer's bogoMIPS to break Alice's message (by this means) rather than just an hour.