CAST-256 is an encryption algorithm designed using the CAST
design method, which was invented by Carlisle Adams
and Simon Tavares
. CAST-256 is quite similiar to CAST-128
, but has a 128-bit block and up to a 256-bit key, both of which are twice what CAST-128 supports. CAST-256 uses the same tables and round functions as it's predecessor, but instead of being a pure Feistel cipher
like DES or Blowfish, it is what is termed a Generalized Feistel Network
, a term invented by Matt Blaze
and Bruce Schneier
in the early 90s (for illustration purposes, they invented a new cipher MacGuffin
, which was designed in this manner, but it was quickly broken).
CAST-256 was one of the candidates for NIST's AES competition, but was not selected as one of the five final candidates because it was considerd too similiar (in terms of security properties) to the cipher Serpent. Both are quite conservative, using a very large number of rounds, and it was felt that if two ciphers were to be chosen as co-AES winners (which was thought a possiblity during much of the competition), it was highly unlikely that Serpent and CAST-256 would both win.