Skip to content

Latest commit

 

History

History
105 lines (75 loc) · 5.26 KB

README.md

File metadata and controls

105 lines (75 loc) · 5.26 KB

LegacySwiftCrypto

LegacySwiftCrypto logo

Legacy cryptographic primitives and compatibility utilities implemented in Swift.

Warning

This package is for educational and interoperability purposes only. It contains outdated and insecure algorithms and is not suitable for production use.

Functionality

  • Hashes: MD2, MD4, MD5, SHA-1, RIPEMD-128, RIPEMD-160, Tiger, Whirlpool, GOST 34.11-94, HAVAL
  • Ciphers (block/stream): Blowfish, CAST5, RC2, RC4, IDEA, SEED, GOST 28147-89, FEAL/FEALX, SAFER, SAFER+, Skipjack
  • MACs: HMAC-MD5 (KeyedMD5), CBC-MAC (DES), UMAC (AES-based)
  • KDFs / Password hashes: PBKDF2 (SHA-1), MD5Crypt, SHA1Crypt, LMHash, NTLMv1

Algorithm notes (legacy context)

These notes explain what each algorithm is and why it is considered legacy today. Every algorithm listed below is not secure for new designs; they are included solely for compatibility and educational use.

Hashes (not secure)

  • MD2: 128-bit hash designed for 8-bit CPUs. It is obsolete, slow, and has been broken by modern cryptanalysis; it should never be used for integrity or signatures.
  • MD4: 128-bit hash that is cryptanalytically broken. Collisions are trivial and it provides no security against forgery.
  • MD5: 128-bit hash with practical, fast collision attacks. It is not safe for signatures, integrity, or password hashing.
  • SHA-1: 160-bit hash with demonstrated collision attacks. It is deprecated by standards bodies and unsuitable for security.
  • RIPEMD-128: Short 128-bit digest and older design. It lacks modern security margins and is not recommended.
  • RIPEMD-160: 160-bit digest used for legacy compatibility (e.g., older systems). It is superseded by SHA-2/SHA-3 and not advised for new work.
  • Tiger: 192-bit hash optimized for 64-bit CPUs. It is legacy, lacks wide modern analysis, and is not recommended for security.
  • Whirlpool: 512-bit hash with an older design and limited modern adoption. It is not widely supported and is generally replaced by SHA-2/SHA-3.
  • GOST 34.11-94: Soviet/Russian standard hash replaced by GOST 34.11-2012. It is obsolete and not suitable for new deployments.
  • HAVAL: Variable-length, multi-pass hash family. It is legacy, lacks modern security guarantees, and should not be used for security.

Ciphers (not secure)

  • Blowfish: 64-bit block cipher. The small block size makes it unsafe for large volumes of data (birthday bound issues), and it is superseded by AES.
  • CAST5: 64-bit block cipher used in older protocols. Legacy, with small block size and replaced by AES.
  • RC2: 64-bit block cipher from the early 1990s. Legacy, slow, and discouraged in modern protocols.
  • RC4: Stream cipher with strong biases and known attacks. It is banned in TLS and should never be used.
  • IDEA: 64-bit block cipher with legacy usage. Small block size and modern replacements make it unsuitable for new designs.
  • SEED: 128-bit block cipher (Korean standard). Rarely used today and not recommended for new systems.
  • GOST 28147-89: 64-bit block cipher from older GOST standards. Legacy and replaced by newer GOST algorithms.
  • FEAL / FEALX: Early academic designs that are cryptanalytically broken; not secure.
  • SAFER: 64-bit block cipher family. Legacy and replaced by AES.
  • SAFER+: 128-bit block cipher variant. Legacy with limited adoption and not recommended.
  • Skipjack: 64-bit block cipher from historical U.S. government use. Legacy and not suitable today.

MACs (not secure)

  • HMAC-MD5 (KeyedMD5): HMAC is a sound construction, but MD5 is broken; this is not safe for modern authentication.
  • CBC-MAC (DES): CBC-MAC is only safe with fixed-length messages and strong block ciphers; DES is 56-bit and insecure. This is strictly legacy.
  • UMAC (AES-based): UMAC itself is a modern design, but this implementation is included for compatibility with legacy protocols; use established, audited libraries for production.

KDFs / Password Hashes (not secure)

  • PBKDF2 (SHA-1): PBKDF2 is standardized, but SHA-1 is legacy and PBKDF2 is CPU-only. Modern systems should use SHA-256/512 or memory-hard KDFs like scrypt/Argon2.
  • MD5Crypt: Legacy Unix password hash. Weak by today’s standards and replaced by stronger schemes.
  • SHA1Crypt: Legacy password hash using SHA-1. Weak and superseded by stronger schemes.
  • LMHash: Old Windows hash. It uppercases passwords, truncates to 14 chars, and uses DES; extremely weak.
  • NTLMv1: Legacy challenge-response protocol. Weak and superseded by NTLMv2/Kerberos.

Requirements

  • Swift toolchain (Swift Package Manager)

Add as a Swift package

Use Swift Package Manager in your Package.swift:

dependencies: [
    .package(url: "https://github.com/deya-eldeen/LegacySwiftCrypto", branch: "main"),
],
targets: [
    .target(
        name: "YourTarget",
        dependencies: [
            .product(name: "LegacySwiftCrypto", package: "LegacySwiftCrypto"),
        ]
    ),
]

If you use Xcode: FileAdd Packages... → paste the repo URL and choose the branch or a tagged version.

Example app

The SwiftUI example app lives in Example/LegacySwiftCryptoExample.xcodeproj. Open it in Xcode and run it on a simulator to explore the algorithms.

Example app screenshot

Run unit tests (no Xcode)

From the repository root:

swift test

Optional: build the library only:

swift build