Clarification needed on rand_hc implementation of HC-128 #55

Open
m0xsec opened this issue Jul 30, 2024 · 5 comments

m0xsec commented Jul 30, 2024

Background:

The latest version of the docs indicates the following:

> This implementation is not based on the version of HC-128 submitted to the eSTREAM contest, but on a later version by the author with a few small improvements from December 15, 2009[4].

The footnote in the docs links to this reference that no longer exists - https://www.ntu.edu.sg/home/wuhj/research/hc/index.html

However, using the Internet Archive, we can see the page, with the last modified date of December 15, 2009 - https://web.archive.org/web/20110527154230/https://www.ntu.edu.sg/home/wuhj/research/hc/index.html

This webpage is general and does not directly outline said "small improvements" by the author of HC-128.

Concern:

The current docs do not transparently reflect which version of HC-128 is implemented in rand_hc. The Rust Random book specifically mentions that HC-128 is recommended by eSTREAM, though this crate is using an implementation that is NOT recommended by eSTREAM.

This creates a false sense of security for those who may be relying on the guarantees and analysis that the eSTREAM project provided. eSTREAM did not provide analysis/review/approval/recommendation of the "small improvements" version that is vaguely referenced in the docs for rand_hc.

Because of this, the docs need to better reflect which implementation is being used and MUST be very clear that the recommendation by eSTREAM is misleading. I do not believe that the cryptanalysis of HC-128 as it relates to eSTREAM can be assumed to be valid for this optimized version with "small improvements".

m0xsec changed the title from "Clarification needed on rand_hc implementation" to "Clarification needed on rand_hc implementation of HC-128" on Jul 30, 2024

vks (Contributor) commented Jul 31, 2024

I think we can just remove HC-128 from the table, we are not using or recommending it anymore.

m0xsec (Author) commented Aug 1, 2024

> I think we can just remove HC-128 from the table, we are not using or recommending it anymore.

Would this change just apply to the docs or are you suggesting removing HC-128 / the rand_hc codebase as well? Also, I am curious why it's not being recommended anymore - any info you can point me to regarding that change?

dhardy (Member) commented Aug 1, 2024

Only that we no longer use it as StdRng, so no longer need it in that sense.

I haven't looked into this in a long while, but it may be useful to continue maintaining this? That said, assistance with maintenance is always appreciated.

m0xsec (Author) commented Aug 1, 2024

I would advocate for maintaining HC-128 as I believe it is still relevant. I do think this requires a review of the documentation and the implementation so it is clear what version of HC-128 is being provided. I can take a stab at trying to piece that together if it isn't readily available given how long it's been.

dhardy (Member) commented Aug 1, 2024

> I can take a stab at trying to piece that together if it isn't readily available given how long it's been.

Please do!
