Looking through my library of saved apas posts, found this for your perusal:

Unless the NSA has completely lost it since I worked with them and DOD
back in the day, things like "this is good enough for secret, or top
secret" isn't how it's done, and for good reasons that I can't see have
changed much. This was awhile back, understand.

Some security needs to be long lived (perhaps forever) and some can
tolerate a short lifetime. For example, communication among fighter
pilots or tankers may only need to be a secret for a little longer than
a mission, or a conflict at most, while some things need to stay secret
"forever".

In the cases I'm aware of, providing a super level of security for a
moving platform just used too much computational power (at the time) to
be practical, and it didn't seem to matter if someone could reliably
crack it in a few weeks anyway -- they were vaporized by then. And any
information the adversary might have gotten was of purely academic or
historical interest by that time.

On the other hand, some things, like methods, names of certain people in
a network, and other things you'd hope would be secure against a
concentrated attack on the cipher by anyone interested, and that the
adversary might have the resources of a state.

So the metric used back then (70's and 80's) was more like "how long can
this last against a concerted attack", not in any way "how secret is the
stuff we want protected". Operational security is certainly very
important, but it doesn't matter much after the operation is done, so
you can use a code that's breakable, but that takes enough time to break
so as not to matter to the operation.

Posted by: Doug Coulter at July 31, 2009 8:33 PM

@Doug Coulter,

"Unless the NSA has completely lost it since I worked with them and DOD
back in the day, things like "this is good enough for secret, or top
secret" isn't how it's done, and for good reasons that I can't see have
changed much."

Nor has it changed in other places that I'm aware of (though like you
it's been a few years).

One security parameter that used to be an "accepted norm" was "if we
can't break it we don't use it". This was because it's "strength was
unknown" and that was a major cause of concern for exactly the reasons
you stated.

Oh and inconveniant as they have always been the NSA and others still
print up OTP's of various forms in large quanties.

And other people have realised that OTP is still a good way to go. I
recently saw a prototype of a USB device that was an OTP system.

The design is quite "cute" and I was surprised at how it had been
designed a lot of thought went into it. It managed to be both
conservative and inovative. The amount of keymat it holds is
surprisingly large (and no it did not use flash memory for storing the
pad) and would be more than sufficient for a very busy MS Office using
person on a short trip.

The only issue with it being "realy cute" is the current EmSec (EMC
style) protection but I don't think that is going to be an impossible
problem to solve ;)

Posted by: Clive Robinson at August 1, 2009 2:20 AM