BLAKE2b is a great hash algorithm: it's fast and secure. It could also be improved in several respects, and has been.
* [BLAKE3](https://github.com/BLAKE3-team/BLAKE3) is ~5x faster than BLAKE2b, when single threaded, on the same x86 hardware.
* The creators of BLAKE2 themselves [recommend](https://www.blake2.net/) using BLAKE3.
* The BLAKE2 specification does not specify a default hash length, only a minimum and a maximum. Tools like `b2sum` output the maximum length by default, and as an unfortunate result `makepkg` *only* supports this hash length. A 512 bit hash has *no* plausible security benefit over a truncated 256 bit hash, and makes checksums in `PKGBUILDs` much longer, which is annoying and visually distracting in terminal-based editors. This discourages their use: holding everything else equal, there's no reason not to use the best and most secure hash.
* BLAKE3 has a nice Rust implementation and [we already have it packaged](https://archlinux.org/packages/extra/x86_64/b3sum/).
* Adding support would be, I believe, a fairly trivial change to `makepkg` - with the one con that b3sum (or an equivalent) would need indefinite support as an effective dependency of Arch development.
Supporting shorter (256 bit?) BLAKE2b hashes in `makepkg` (as `b2sum` already does) would be a potential different way to go that would achieve some of the benefit, or this could be done in addition to supporting BLAKE3.
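As an added example (not code from this post or from `makepkg`), the digest-length point in Python: BLAKE2b's output length is a hash parameter, so a 256 bit BLAKE2b digest such as `b2sum -l 256` prints is not the first half of the 512 bit digest, and a checker that accepted shorter `b2sums` entries would have to hash with the matching `digest_size`. The sample input and the `verify_b2sum` helper are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample input; any bytes would do.
SAMPLE = b"pkgver=1.0\npkgrel=1\n"


def blake2b_hex(data: bytes, bits: int = 512) -> str:
    """BLAKE2b with the requested output length as a hash *parameter*.

    BLAKE2 allows any digest length from 1 to 64 bytes, and the length is
    mixed into the parameter block, so a 256-bit BLAKE2b digest is a
    different value from the first 32 bytes of the 512-bit digest.  This
    is what `b2sum -l 256` prints.
    """
    if bits % 8 or not 8 <= bits <= 512:
        raise ValueError("BLAKE2b digest length must be 8..512 bits, a multiple of 8")
    return hashlib.blake2b(data, digest_size=bits // 8).hexdigest()


def truncated_blake2b_hex(data: bytes, bits: int = 256) -> str:
    """Naive truncation of the 512-bit digest: NOT what `b2sum -l` produces."""
    return hashlib.blake2b(data).hexdigest()[: bits // 4]


def verify_b2sum(data: bytes, expected_hex: str) -> bool:
    """Verify data against a b2sum-style hex digest of any supported length.

    Hypothetical helper: infers the digest size from the length of the hex
    string, which is what a makepkg-style `b2sums=()` check would need to
    do if it accepted digests shorter than 512 bits.
    """
    if len(expected_hex) % 2 or not 2 <= len(expected_hex) <= 128:
        return False
    actual = blake2b_hex(data, bits=len(expected_hex) * 4)
    # Constant-time comparison, as for any checksum check.
    return hmac.compare_digest(actual, expected_hex.lower())


if __name__ == "__main__":
    print("512-bit:", blake2b_hex(SAMPLE))
    print("256-bit (parameterised):", blake2b_hex(SAMPLE, 256))
    print("256-bit (truncated):    ", truncated_blake2b_hex(SAMPLE, 256))
```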