Description
Background:
The latest version of the docs indicate the following:
This implementation is not based on the version of HC-128 submitted to the eSTREAM contest, but on a later version by the author with a few small improvements from December 15, 2009 [4].
The footnote in the docs links to this reference, which no longer exists - https://www.ntu.edu.sg/home/wuhj/research/hc/index.html
However, using the Internet Archive, we can see the page, with the last modified date of December 15, 2009 - https://web.archive.org/web/20110527154230/https://www.ntu.edu.sg/home/wuhj/research/hc/index.html
This webpage is general and does not directly outline said "small improvements" by the author of HC-128.
Concern:
The current docs do not transparently reflect which version of HC-128 is implemented in rand_rc. The Rust Random book specifically mentions that HC-128 is recommended by eSTREAM, though this crate is using an implementation that is NOT recommended by eSTREAM.
This creates a false sense of security for those who may be relying on the guarantees and analysis that the eSTREAM project provided. eSTREAM did not provide analysis/review/approval/recommendation of the "small improvements" version that is vaguely referenced in the docs for rand_rc.
Because of this, the docs need to better reflect which implementation is being used and MUST be very clear that the recommendation by eSTREAM is misleading. I do not believe that the cryptanalysis of HC-128 as it relates to eSTREAM can be assumed to be valid for this optimized version with "small improvements".