[makepkg] feature: support for BLAKE3 / b3sum hashes
BLAKE2b is a great hash algorithm, it's fast and secure. It could also be improved in several respects, and has been.
- BLAKE3 is ~5x faster than BLAKE2b, when single threaded, on the same x86 hardware.
- The creators of BLAKE2 themselves recommend using BLAKE3.
- The BLAKE2 specification does not specify a default hash length, rather a minimum and maximum. Tools like `b2sum` output the maximum length by default, and as an unfortunate result `makepkg` only supports this hash length. A 512 bit hash has no plausible security benefit over a truncated 256 bit hash, and makes checksums in `PKGBUILD`s much longer, which is annoying and visually distracting in terminal-based editors. This discourages their use: holding everything else equal there's no reason not to use the best and most secure hash.
- BLAKE3 has a nice Rust implementation and we already have it packaged.
- Adding support would be, I believe, a fairly trivial change to `makepkg` - with the one con that b3sum (or an equivalent) would need indefinite support as an effective dependency of Arch development.

Supporting shorter (256 bit?) BLAKE2b hashes in `makepkg` (as `b2sum` already does) would be a potential different way to go that would achieve some of the benefit, or this could be done in addition to supporting BLAKE3.
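
What the shorter-BLAKE2b option in the last paragraph involves on the verification side, as an added example that is not part of the original post and not makepkg's code. It uses Python's `hashlib` to stand in for `b2sum -l`; the function names, the 256-bit minimum and the sample data are assumptions.

```python
import hashlib
import hmac

# Constructed sample standing in for a downloaded source archive.
SAMPLE_SOURCE = b"constructed sample source archive contents\n"


def blake2b_hex(data: bytes, bits: int = 512) -> str:
    """BLAKE2b digest at a chosen output length, like `b2sum -l BITS`."""
    if bits % 8 or not 8 <= bits <= 512:
        raise ValueError("length must be a multiple of 8 between 8 and 512 bits")
    return hashlib.blake2b(data, digest_size=bits // 8).hexdigest()


def verify_blake2b(data: bytes, expected_hex: str, min_bits: int = 256) -> bool:
    """Verify data against a BLAKE2b checksum of any accepted length.

    The output length is inferred from the checksum string itself, so one
    checksum array could carry 256-bit or 512-bit values. Digests shorter
    than min_bits (an assumed policy floor) are rejected outright.
    """
    expected_hex = expected_hex.strip().lower()
    bits = len(expected_hex) * 4
    if len(expected_hex) % 2 or not min_bits <= bits <= 512:
        return False
    try:
        bytes.fromhex(expected_hex)  # reject non-hex input
    except ValueError:
        return False
    # The digest must be recomputed at the same length: BLAKE2b mixes the
    # output length into its parameter block, so a 256-bit digest is not
    # the first half of the 512-bit one.
    actual = blake2b_hex(data, bits)
    return hmac.compare_digest(actual, expected_hex)


if __name__ == "__main__":
    full = blake2b_hex(SAMPLE_SOURCE)        # what b2sum prints by default
    short = blake2b_hex(SAMPLE_SOURCE, 256)  # what `b2sum -l 256` prints
    print("512-bit:", full)
    print("256-bit:", short)
    print("short is prefix of full:", full.startswith(short))
    print("verify short:", verify_blake2b(SAMPLE_SOURCE, short))
    print("verify cut-down full:", verify_blake2b(SAMPLE_SOURCE, full[:64]))
```

A 64-character checksum made by cutting a default `b2sum` output in half fails verification here, so existing 512-bit checksums would have to be regenerated rather than shortened by hand.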