rotor alternative?

[Peter Hansen]

Dave Brueck wrote:
> 
> Rotor was nice because for very little costs in terms of CPU / coding nuisance
> you could protect semi-sensitive data from nearly everyone. Sure it's
> strength-per-bit-of-key-size doesn't stack up well against more modern
> algorithms

That's kind of the heart of the matter right there: just how good _is_
rotor, compared to modern algorithms?  Can anyone describe it perhaps
in comparison with DES/3DES using a kind of "equivalent key size" estimate?

My guess is that it's so insecure that most people wouldn't really want
to use it if they knew how insecure it was, or they would actually decide
that something like XORing the data is actually adequate and stick with
that.

I suspect that those who want rotor actually want something stronger
than it really is, but could actually get by with something even weaker
than it is (though they don't believe that), and leaving it out of the 
standard library isn't a real problem, just a perceived one.

I also suspect that statement will generate quite a bit of debate. :-)

-Peter