Good blog post: "Choosing a hash function for 2030 and beyond: SHA-2 vs SHA-3 vs BLAKE3" by Sylvain Kerkour. A few random comments from me: ⤵️

Huh, I wonder why SHA-256 was faster than BLAKE3 on the 1 KiB test. ⤵️

Ouch. Maybe somebody (Jack O'Connor? 🥺) should optimize BLAKE3 for the modern ARM vector instructions. ⤵️

:-) ⤵️

Yeah! So far Snuffle-2005/Salsa20/ChaCha20/BLAKE/BLAKE2/BLAKE3's bet on SIMD has continued to pay off more and more over the years as CPUs have upgraded their SIMD capabilities. ⤵️

UX is King. In cryptography algorithms as well as in everything else. ⤵️

Part of good UX is offering the user *fewer* options. ⤵️

By the way, that was one of the major upgrades in BLAKE3 compared to its predecessor, BLAKE2. We eliminated all of the optional variants. It is right there in the title of the BLAKE3 paper: ⤵️

Thank God for DJB. And thank DJB for this important refutation. ⤵️

This is an important point. Please write to your friendly neighborhead WebCrypto standards maintainer and request BLAKE3. They can copy it from Deno: ⤵️

🥰

Sigh. Yep. ⤵️

Sigh. Yep. Well, put, Thomas Ptacek! (Although... "lurid message board reason"? NIST got outed by Snowden for literally standardizing a backdoored algorithm! Look up Dual EC-DRBG. Whatever mixture of deceit or sloppiness explains that, don't trust them after that.) 🔚