For the AES version, the is based on the assumption that AES is strong. In particular it rests on the assumption that someone not knowing the key won’t be able to generate data that will result in a high probability of collision after two rounds of AES.
Looking at the structure of AES you can immediately see why this is highly likely. The first step is an S-box lookup. If the incoming data is xored with a key the attacker cannot control the lookup path and resulting data will be totally different. This is only amplified after the shift/mix step, and a second round repeats this process.
AES has been sufficiently analyzed that I don’t think any new predictable patterns will come up that will allow for exploit.
For the fallback algorithm the case is harder to make, as it is operating on primitives. So what I can say is this: I have taken the time to understand how each of the hashes was broken and did not repeat the same mistake. (I can’t promise I haven’t invented a whole new way of being wrong.) But I do think any attack against it will require a significantly higher level of sophistication.
One reason for this is a very simple test I wrote: I assert that every single bit in the input will end up changing a large enough number of bits, nibbles, and bytes in the output to look like a totally different value. I make a similar assertion about changing every single bit in the key.
Every hasher that has been broken that I am aware of, would have failed this simple test. It’s easy for an attacker to cause a collision when one bit only affects one other bit, they just have to find a way to cancel it out. But if a single bit flip affects many other bits and which ones depends on a key they cannot observe, it is much harder to attack.