Let’s Hear It For The Legacy Ciphers: CAST5, IDEA, Blowfish and Twofish

I did my lecture on symmetric key encryption, and while it was mostly about AES and ChaCha20, I had to mention the legacy ciphers of CAST5, IDEA, Blowfish and Twofish. Basically, they are still fairly strong ciphers, but just not used much these days.

It was Bruce Schneier who created Blowfish and Twofish. In fact, Twofish was just pipped at the post in the AES competition (and CAST5 was dropped at an earlier phase of the competition).

Rijndael was the eventual winner for AES standardization. Serpent and Twofish both had better security, but this improved security came with weaker performance.

Phil Zimmermann used the IDEA (International Data Encryption Algorithm) cipher to build PGP v2.0, and it is still available as an option in PGP. 3DES is not quite a legacy method, as it is still used in a range of applications (including with TLS 1.2).

So, let’s do some legacy ciphers.

Having Armor

What’s the simplest way to encrypt something? Well, OpenSSL is a little cumbersome with its terse command-line options. GPG (GNU Privacy Guard) possibly provides a solution. In Version 2, it has really grown up and now supports elliptic curve methods. For symmetric key methods, GPG can convert its binary output into an Armor form, which embeds the encrypted message within a text format. An example is:

-----BEGIN PGP MESSAGE-----

jA0EAgMCIUllLY3Fe+TH0jIBbVClcS0NJF05U8VRW8BDEHjW/E40EKbObStNK4Wy
VyI6p7SDJr3Oh7Fxu04CVZT/fg==
=mIoy
-----END PGP MESSAGE-----

While GPG of course supports AES encryption, it also includes a number of legacy ciphers, including CAST5. CAST5 uses a 64-bit block size (as opposed to a 128-bit block size for AES) and a 128-bit encryption key. It is a Feistel cipher, which is similar to the approach of DES and 3DES. GPG does a great job of supporting older ciphers, such as IDEA, Blowfish, Twofish, and Camellia.

CAST5

CAST5 (aka CAST-128) was created by Carlisle Adams and Stafford Tavares (CAST), along with Howard Heys and Michael Wiener, and standardized in RFC 2144.

CAST-256 increased the block size to 128 bits.

GPG

We can create a file named 111.txt and then encrypt it with GPG. For this, we use the “--symmetric” flag to encrypt, and “-d” to decrypt. In the following, we see that the default symmetric key cipher is 256-bit AES with CFB mode:

> gpg --symmetric  111.txt
File '111.txt.gpg' exists. Overwrite? (y/N) y

> cat 111.txt.gpg
 3�(���X��ITܫ�*������NE
T#�� �ת���]ӂx�+�Ut����d�fF

> gpg -d 111.txt.gpg
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
This is a test.

This will prompt for a password, which is used with PBKDF2 to produce the encryption key. Overall, the binary .gpg format is difficult to embed in text, so we can ask GPG to output an Armor format (.asc) instead:

> gpg --symmetric  --armor  111.txt
File '111.txt.asc' exists. Overwrite? (y/N) y
> cat 111.txt.asc
-----BEGIN PGP MESSAGE-----

jA0ECQMCNMJfNMwEE7G60kkBgUQIFDZigeCNs50BcBCWJZA4w6hVf2vFeHQ2MNGs
FvKfXxttBZCWWgkZUNxTinTY9sBM7bl1Ho8KOMUQAZnaAmx0l+IL6Q+9
=/6IK
-----END PGP MESSAGE-----

> gpg -d 111.txt.asc
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
This is a test.

To encrypt with CAST5, we need to force the encryption with the “--allow-old-cipher-algos” flag:

gpg --symmetric --allow-old-cipher-algos --cipher-algo CAST5 111.txt

With a passphrase of “napier”, this produces a binary file of:

> cat 111.txt.gpg
`���vZ�]����Hg�����L8g���_���F�J

And then with an Armor format (.asc):


> gpg --symmetric --allow-old-cipher-algos --armor --cipher-algo CAST5 111.txt
> cat 111.txt.asc
-----BEGIN PGP MESSAGE-----

jA0EAwMCHBrJLZbIhRK60kIBiy2c/zwSv053ao/8MJBbjY4+e8aJmE0z/p/t8A+H
pBAJgHHIj3777akEyLr5200QT7KIlfXssbRr7liQxHiQzhQ=
=40BJ
-----END PGP MESSAGE-----

Application

In this case, we will encrypt the word “hello” with a password of “napier” using the 3DES encryption method. On Windows, this is:

echo | set /p =  "Hello"   | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos
echo | set /p = "Hello" | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos | gpg -d --batch --passphrase napier

In Linux, this is:

echo -n "Hello"   | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos
echo -n "Hello" | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos | gpg -d --batch --passphrase napier

A sample run with CAST5 is:

Message:  "hello"
Type: CAST5
Passphrase: password
Encrypted:
-----BEGIN PGP MESSAGE-----

jA0EAwMCD1ut4Xkxv8PH0jIBRssfpePm3UZ2IKzC1Ujij0O3ENTQ18QDQY7VEOdv
s0DeEH8DloRmQ0f9dJ8uhSCGkg==
=zdiW
-----END PGP MESSAGE-----
Decrypted:
hello

A sample run with 3DES is:

Message:  "hello"
Type: 3DES
Passphrase: password
Encrypted:
-----BEGIN PGP MESSAGE-----

jA0EAgMCIUllLY3Fe+TH0jIBbVClcS0NJF05U8VRW8BDEHjW/E40EKbObStNK4Wy
VyI6p7SDJr3Oh7Fxu04CVZT/fg==
=mIoy
-----END PGP MESSAGE-----
Decrypted:
hello

And Twofish:

Message:  "hello"
Type: TWOFISH
Passphrase: password
Encrypted:
-----BEGIN PGP MESSAGE-----

jA0ECgMCF7knAksjNjnH0joBaxru5r4FJqsCQRwBqrFxU3vaGLEye0pd3rBvXo86
9a68weXKl8Q5lrfIuFDuGj1VPOIwjVavVLTB
=ejv+
-----END PGP MESSAGE-----
Decrypted:
hello
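
The first bytes of each armored sample above name the cipher and the passphrase-to-key parameters (hash, salt and iteration count) in the clear, which is useful when auditing which stored messages still use a 64-bit block cipher. The following Python sketch is an added example, not code from the original article: the function names are illustrative, the algorithm IDs are taken from RFC 4880, and it only handles the short first packet that passphrase-encrypted messages like those above begin with.

```python
import base64

# OpenPGP algorithm IDs from RFC 4880 (sections 9.2 and 9.4)
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish", 7: "AES128",
           8: "AES192", 9: "AES256", 10: "Twofish"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 10: "SHA512"}
BLOCK64 = {"IDEA", "3DES", "CAST5", "Blowfish"}  # ciphers with a 64-bit block

# Armored CAST5 sample run copied from this page (passphrase "password").
SAMPLE = """-----BEGIN PGP MESSAGE-----

jA0EAwMCD1ut4Xkxv8PH0jIBRssfpePm3UZ2IKzC1Ujij0O3ENTQ18QDQY7VEOdv
s0DeEH8DloRmQ0f9dJ8uhSCGkg==
=zdiW
-----END PGP MESSAGE-----"""

def dearmor(text):
    """Return the binary packets inside an ASCII-armored message."""
    body, inside = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("-----BEGIN PGP MESSAGE"):
            inside = True
        elif line.startswith("-----END"):
            break
        elif inside and line and ":" not in line and not line.startswith("="):
            body.append(line)  # skips blank line, armor headers and CRC-24 line
    return base64.b64decode("".join(body))

def inspect_armor(text):
    """Decode the leading Symmetric-Key Encrypted Session Key packet (tag 3)."""
    data = dearmor(text)
    hdr, length = data[0], data[1]
    # New-format headers keep the tag in bits 5-0, old-format ones in bits 5-2.
    tag = hdr & 0x3F if hdr & 0x40 else (hdr >> 2) & 0x0F
    one_octet = length < 192 if hdr & 0x40 else hdr & 3 == 0
    if not hdr & 0x80 or tag != 3 or not one_octet:
        raise ValueError("expected a short SKESK packet first")
    pkt = data[2:2 + length]
    version, cipher, s2k, digest = pkt[:4]
    info = {"version": version, "cipher": CIPHERS.get(cipher, cipher),
            "s2k_type": s2k, "hash": HASHES.get(digest, digest)}
    info["block64"] = info["cipher"] in BLOCK64
    if s2k in (1, 3):  # salted, or iterated and salted
        info["salt"] = pkt[4:12].hex()
    if s2k == 3:       # one coded byte expands to the number of octets hashed
        info["octets_hashed"] = (16 + (pkt[12] & 15)) << ((pkt[12] >> 4) + 6)
    return info

if __name__ == "__main__":
    print(inspect_armor(SAMPLE))
```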

Conclusions

Ciphers like Twofish and CAST5 are not weak ciphers, they just have lost the adoption race to