Activecrypt Online Help Prev Next
About ActiveCrypt
ActiveCrypt overview
How to ...
How to make pair of keys
Create new public key from private
How to decrypt string
How to encrypt string
How to save keys
Free keys
Programmer reference
Hash overview
Encryption overview
Base64 overview
Sign overview
RSACrypt (old, use Crypt)


In RFC 2144 dated May 1997, Carlisle Adams (the CA in CAST, ST standing for Stafford Tavares) describes CAST5 as:

"...a DES-like Substitution-Permutation Network (SPN) cryptosystem which appears to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis. This cipher also possesses a number of other desirable cryptographic properties, including avalanche, Strict Avalanche Criterion (SAC), Bit Independence Criterion (BIC), no complementation property, and an absence of weak and semi-weak keys."

CAST5 is a symmetric block cipher with a block-size of 8 bytes and a variable key-size of up to 128 bits. Its authors and their employer (Entrust Technologies, a Nortel majority-owned company) made it available worldwide on a royalty-free basis for commercial and non-commercial uses.


International Data Encryption Algorithm (IDEA) is a method to encrypt and decrypt data. A key (which must be randomly chosen) is used to encrypt the data, and that same secret key is needed for decrypting the data again.

IDEA is the second version of a block cipher designed by Xuejia Lai and James L. Massey. RSA Security describes it this way:

[IDEA] is a 64-bit iterative block cipher with a 128-bit key. The encryption process requires eight complex rounds. Decryption is carried out in the same manner as encryption once the decryption subkeys have been calculated from the encryption subkeys. The cipher structure was designed to be easily implemented in both software and hardware, and the security of IDEA relies on the use of three incompatible types of arithmetic operations on 16-bit words. However some of the arithmetic operations used in IDEA are not that fast in software. As a result the speed of IDEA in software is similar to that of DES. [2]

RSA Security goes on to say that IDEA was analyzed to measure its strength against differential cryptanalysis. The analysis concluded that IDEA is immune to that technique. In fact, (says RSA Security), there are no linear cryptanalytic attacks on IDEA, and there are no known algebraic weaknesses in IDEA. The only weakness of note was discovered by Daemen [DGV94]: using any of a class of 251 weak keys during encryption results in easy detection and recovery of the key. "However, since there are 2128 possible keys, this result has no impact on the practical security of the cipher for encryption provided the encryption keys are chosen at random. IDEA is generally considered to be a very secure cipher and both the cipher development and its theoretical basis have been openly and widely discussed." [ibid.]

IDEA encryption is somewhat faster and generally considered to be more secure than DES encryption. But IDEA is newer and therefore has not been as extensively tested, and it is patented which restricts its commercial use. The patent will expire in 2011.


Blowfish is a symmetric, secret key, block cipher designed in 1993 by Bruce Schneier. There is an official Blowfish website.

Blowfish has a 64 bit block size and a key length of anywhere from 32 bits to 448 bits. It is based on Schneier's idea that good security against both known and future cryptanalysis can hopefully be obtained by using large, pseudo-random, key dependent s-boxes.

It is one of the faster block ciphers in widespread use, except for changing keys. Each new key requires pre-processing equivalent to encrypting about 4 kilobytes of text, which is very slow compared to other block ciphers. This prevents its use in certain applications, but is not a problem in others.

Also, Blowfish has a relatively large memory footprint of just over 4 kilobytes of RAM. This is not a problem even for older smaller desktop and laptop computers, but it does prevent use in the smallest embedded systems such as smartcards.

There is no effective cryptanalysis of Blowfish known publicly as of Sept. 2002. It should be noted that, like other block cyphers with a 64 bit block, it is risky to encrypt extremely large texts (more than a few hundred megabytes) with a single key. If more data is to be encrypted a block cipher with a larger block size should be used.

Within the limitations noted, Blowfish is a very useful and respected cipher and has seen widespread application. 


The Advanced Encryption Standard, more commonly referred to as AES, is a block cipher with a block size of 128 bits and key sizes of 128, 192, and 256 bits. It was adopted by NIST as US FIPS PUB 197 in November 2001 after a 5-year standardisation process.

AES was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. It is also known by the name in the original submission "Rijndael", something best pronounced as "Rine dahl" with a long "i" and a silent "e" for those that don't speak Dutch. Strictly speaking AES is not precisely the same as Rijndael, because Rijndael supports larger block sizes (as requested in NIST's invitation to submit algorithms?)whereas AES has a fixed block size of 128 bits.

AES is fast in both software and hardware, is relatively easy to implement, and requires little memory. As the new block cipher standard it is currently being deployed on a large scale. Further reading


RC4 is a symmetric, secret key, stream cryptographic cipher designed by Ron Rivest. RC apparently stands for "Ron's Code". Also publicly known are the block ciphers RC2 and RC5. RC4 was initially a trade secret, but in September of 1994 an anonymous person reverse engineered it and posted it to the Cypherpunks mailing list. It quickly spread to Usenet on the sci.crypt newsgroup, and on to many sites on the Internet. Because the algorithm is known, it is no longer a trade secret. The name RC4 is trademarked. The current status seems to be that "unofficial" implementations are legal, but can't use the RC4 name. RC4 is often referred to as "ARCFOUR", to avoid possible trademark problems. It has become part of some commonly used encryption protocols and standards, including SSL, that is used for secure network web browsers.

RC4 is initialised from a secret key. Then it generates a "keystream" which is simply XORd with the plaintext to produce the ciphertext. Decryption is exactly the same as encryption. One reason for its popularity is its simplicity. The algorithm can be memorized and quickly implemented from memory. It uses 256 bytes of memory, S[0] through S[255], and it uses integer variables, i, j, and k. A message is encrypted or decrypted with this algorithm:

for i = 0...255
for i = 0...255
j=(j+S[i]+key[i mod key_length]) mod 256
swap S[i] and S[j]
loop until the entire message is encrypted/decrypted
i=(i+1) mod 256
j=(j+S[i]) mod 256
swap S[i] and S[j]
k=S[(S[i]+S[j]) mod 256]
output the XOR of k with the next byte of input

RC4 is one of the fastest ciphers to be widely used for serious work.

Cryptanalysis of RC4 is at a rather uncertain stage. Theoretical breaks may be possible if gigabytes of known plaintext/known ciphertext stream are available, but this is not necessarily a major problem in practice. In 2001 a new and surprising discovery was made: over all possible RC4 keys, the statistics for the first byte of output keystream are seriously non-random. It remains to be seen if this is an academic curiousity, or a sign of more serious problems to be discovered soon. Current implementations often discard the first 256 bytes of the stream to avoid potential problems.

As with all stream ciphers, RC4 is easily broken if the same key is used twice. This problem is usually solved by hashing the key with a unique initialization vector (IV) each time it is used, and sending the IV along with the message. 


RC5 is a fast block cipher designed by Ronald Rivest for RSA Data Security (now RSA Security) in 1994. It is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. Allowable choices for the block size are 32 bits (for experimentation and evaluation purposes only), 64 bits (for use a drop-in replacement for DES), and 128 bits. The number of rounds can range from 0 to 255, while the key can range from 0 bits to 2040 bits in size. Such built-in variability provides flexibility at all levels of security and efficiency.

There are three routines in RC5: key expansion, encryption, and decryption. In the key-expansion routine, the user-provided secret key is expanded to fill a key table whose size depends on the number of rounds. The key table is then used in both encryption and decryption. The encryption routine consists of three primitive operations: integer addition, bitwise XOR, and variable rotation. The exceptional simplicity of RC5 makes it easy to implement and analyze. Indeed, like the RSA system, the encryption steps of RC5 can be written on the "back of an envelope". The heavy use of data-dependent rotations and the mixture of different operations provide the security of RC5. 


RSA is an asymmetric algorithm for public key cryptography. Credit for its development is given to Ron Rivest, Adi Shamir and Len Adleman, who described the algorithm in 1977, the letters RSA being the initials of their surnames.

The security of the RSA system relies on the difficulty of factoring very large numbers. RSA is widely used in electronic commerce.

It should be noted that Clifford Cocks, a British mathematician working for GCHQ, developed an equivalent system several years earlier. His discovery, however, was not revealed until much later due to its top-secret nature.

The algorithm was patented by MIT in 1983 in the United States of America. The patent expired in September 2000. Since the algorithm had been published prior to the patent application, it could not be patented in other countries.

This HTML Help has been published using the chm2web software.