scanoss/crypto_algorithms_open_dataset

CAST SecurityStrength is not correct

Closed this issue · 1 comments

Description

The CAST algorithm appears with a SecurityStrength of '320'

Link: https://github.com/scanoss/crypto_algorithms_open_dataset/blob/main/definitions_crypto_algorithms/list_definitions_crypto_algorithms/cast.yaml

when it can also have 128 and 256, which are more common. In fact, you can find CAST-128 (or CAST5) and CAST-256 as algorithms all over the place.

Suggestion

We have two ways to deal with this:

  • We define CAST as the algorithm and then we provide different SecurityStrength
  • We define each strength as a different algorithm, so we would have CAST-128, CAST-256 and CAST-320 as three different algorithms

References


This discussion will now be developed in the SPDX cryptographic list. We will inherit whatever conclusion they make, although most likely the solution is:

We define CAST as the algorithm and then we provide different SecurityStrength