<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">If you can accept BLAKE2b, the <a href="http://github.com/jlouis/enacl">github.com/jlouis/enacl</a> library supports that through the generichash set of functions (from libsodium). It provides many of the BLAKE-3 benefits, while also providing a large set of other useful primitives on top.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">If you really require BLAKE-3 support, rolling a NIF with it should be fairly straightforward. You can eventually take a look at the C code in enacl, which roughly can be adapted into the style of the BLAKE-3 C calls. Hide the BLAKE-3 state in a NIF resource and protect its access by a mutex.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">However, I think their impressive benchmarks are obtained by using a parallelized BLAKE-3 against a serial BLAKE2b. In an Erlang setting, it would probably be detrimental to the overall health of the system to grab all CPU cores for hash computations in the name of speed, provided you have enough work to do for the other cores. Your hash computation will be fast, but everything else would just incur higher latency. This might not be desirable.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">As for the security margin, what do you have in mind? Both generichash and BLAKE-3 supports a keyed hashing variant, and I would definitely recommend using those if possible. But in practice, SHA-2 isn't really "insecure" as far as what we are trying to use it for (except for length-extension, but there are ways around that). In short, what do you have in mind w.r.t "more security?"</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Apr 17, 2020 at 10:08 PM - Neustradamus - <<a href="mailto:neustradamus@hotmail.com">neustradamus@hotmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Erlang community,<br>
<br>
For more security, can you add BLAKE3 support?<br>
- <a href="https://github.com/BLAKE3-team" rel="noreferrer" target="_blank">https://github.com/BLAKE3-team</a><br>
- <a href="https://github.com/BLAKE3-team/BLAKE3" rel="noreferrer" target="_blank">https://github.com/BLAKE3-team/BLAKE3</a><br>
- <a href="https://github.com/BLAKE3-team/BLAKE3-specs" rel="noreferrer" target="_blank">https://github.com/BLAKE3-team/BLAKE3-specs</a><br>
<br>
Thanks in advance.<br>
<br>
Regards,<br>
<br>
Neustradamus</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">J.</div>