
Blowfish and IDEA are not fine. They're block ciphers with 8-byte blocks. They are both materially less secure than AES. Recommending them is borderline malpractice.



You have an attack on them? One that works with a Top 500 supercomputer? With an IBM Blue Gene? With an FPGA? With Intel hardware most black hats have?

IDEA particularly was a thorn in the side for NSA via the most famous app using it. Academics gave it plenty of beatdown. It's still secure in practice. So is Blowfish if working around weak keys and rotating frequently. My motto in high security is "tried and true beats novel and new." A new thing shows up with new methods, new proofs, and a few years later new attacks. I'll take the thing that works despite tons of effort to make it not work.

That said, remember a cascade is my usage case. AES finalists received enormous peer review. At least one of them is always used. The weaker ciphers are in the middle. Then, there's stream ciphers such as Salsa20. Ciphers that are the same can't be used in a row (meet in middle). Any pro looking at the construction hasn't identified a realistic risk in years far as the crypto goes. Protocol implementation, RNGs, parsers, etc. were the usual worry areas.

So, I call FUD on this stuff. It's one of the things cryptographers always bring up without evidence of any practical risk. I'm confident that, accounting for weaknesses, certain algorithms are strong after still being secure for 10+ years of significant use and cryptanalysis. That's a good track record without a break in INFOSEC, right?


Yes, there are real attacks on constructions built from 8-byte blocks. And no, that's not how real-world crypto attacks work; we don't use supercomputers to mount brute-force searches.†

A 2015 recommendation for Blowfish is cryptographic malpractice.

† unless you're crazy enough to prefer DH to ECDH.


I believe it's possible. It's why I only use it in cascades. Yet, where's the practical attack where IDEA and Blowfish traffic are decrypted with ciphertext? If it's malpractice, then they're either fully decryptable or will be soon based on existing attacks on specific numbers of rounds or implementations.

I would appreciate it if you cited evidence of people decrypting files protected by Blowfish or IDEA by breaking the cipher.


"Pizza? Now that's what I call a taco!"

https://vimeo.com/90127834


Exactly. Nada again.


What is it about a smaller block size that makes it less secure? Wikipedia mentions that it's recommended not to encrypt files larger than 4GB because of the block size but it never specifies why.


Two that jump immediately to mind:

* Constructions like CTR need to divide the block, in CTR's case to hold both a counter and a nonce. The convention is to use half the block for the nonce and half for the counter, which, in an 8-byte block, means you're working with a 32-bit nonce (much too small) and a 32-bit counter. We actually broke an embedded system that, because of protocol headroom issues, used small counters for CTR mode.

* (Related) That issue more or less rules out all the modern AEAD modes, all of which are specified on 16+-byte blocks, for that reason.

* The smaller block size makes malleability attacks easier. For instance, when you're bitflipping CBC, the edits scramble a block and alter the next. With an 8-byte block, you have much more control over what gets scrambled and what gets edited.
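An added Python example, written for this thread and not posted by any commenter, that puts numbers on the first two points above. It computes the half-nonce/half-counter CTR layout for 8-byte versus 16-byte blocks, the birthday-bound probability that two block values collide after n blocks under one key, and drives a toy CTR keystream whose counter field wraps. The "block cipher" is HMAC-SHA256 truncated to the block width, the key, nonce and counter widths are constructed for illustration, and none of it is a real cipher; the point is to see how quickly a 64-bit block runs out of room.

```python
import hashlib
import hmac
import math


def ctr_layout(block_bytes, nonce_bytes=None):
    """Half-nonce / half-counter CTR layout described in the comment.

    Returns (nonce_bits, counter_bits, bytes encryptable under one nonce
    before the counter field wraps).
    """
    if nonce_bytes is None:
        nonce_bytes = block_bytes // 2
    counter_bits = (block_bytes - nonce_bytes) * 8
    return nonce_bytes * 8, counter_bits, (2 ** counter_bits) * block_bytes


def birthday_collision_probability(block_bytes, n_blocks):
    """Probability that at least two of n_blocks uniformly random block
    values coincide, using the usual approximation 1 - exp(-n^2 / 2^(b+1)).
    A repeated block under CBC or CTR leaks the XOR of two plaintext blocks."""
    b = block_bytes * 8
    return 1.0 - math.exp(-(n_blocks ** 2) / (2.0 ** (b + 1)))


def blocks_until_probability(block_bytes, p):
    """Number of blocks after which the collision probability reaches p
    (inverse of the approximation above)."""
    b = block_bytes * 8
    return math.sqrt(2.0 ** (b + 1) * math.log(1.0 / (1.0 - p)))


def toy_ctr_keystream(key, nonce, counter_bits, n_blocks, block_bytes=8):
    """Toy CTR keystream. HMAC-SHA256 truncated to block_bytes stands in for
    the block cipher (a constructed PRF, not a real cipher). The counter
    field is counter_bits wide and wraps, exactly as a too-small counter
    field in a real implementation would."""
    counter_len = (counter_bits + 7) // 8
    blocks = []
    for i in range(n_blocks):
        ctr = i % (2 ** counter_bits)          # wraps once i reaches 2**counter_bits
        block_input = nonce + ctr.to_bytes(counter_len, "big")
        blocks.append(hmac.new(key, block_input, hashlib.sha256).digest()[:block_bytes])
    return blocks


def keystream_reuse_count(key, nonce, counter_bits, n_blocks):
    """How many keystream blocks in a message of n_blocks are repeats of an
    earlier block. Anything above zero means two ciphertext blocks were
    XORed with the same keystream."""
    ks = toy_ctr_keystream(key, nonce, counter_bits, n_blocks)
    return n_blocks - len(set(ks))


if __name__ == "__main__":
    for size in (8, 16):
        nonce_bits, counter_bits, limit = ctr_layout(size)
        print(f"{size}-byte block: {nonce_bits}-bit nonce, {counter_bits}-bit counter, "
              f"{limit / 2**30:.0f} GiB per nonce before the counter wraps")
        print(f"  collision probability after 2^32 blocks: "
              f"{birthday_collision_probability(size, 2 ** 32):.3g}")
        print(f"  blocks for 50% collision probability: "
              f"{blocks_until_probability(size, 0.5):.3g}")

    # Constructed key/nonce; an 8-bit counter field makes the wrap visible in 300 blocks.
    key, nonce = b"constructed-demo-key", b"\x00\x01\x02\x03"
    print("reused keystream blocks with 8-bit counter :", keystream_reuse_count(key, nonce, 8, 300))
    print("reused keystream blocks with 16-bit counter:", keystream_reuse_count(key, nonce, 16, 300))
```

With an 8-byte block the half/half layout gives a 32-bit counter, so one nonce covers 2^32 blocks (32 GiB), and by that point the birthday bound already puts the chance of a repeated block near 40%; a 16-byte block under the same layout gets a 64-bit counter and a collision probability around 2^-65 at the same volume. The toy keystream shows the other failure mode: once the counter field wraps, the keystream repeats and `keystream_reuse_count` goes above zero, which is the condition a defender wants to rule out by construction rather than detect after the fact.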



