It must be noted that while BLAKE3 greatly outperforms other hashes such as BLAKE2 and SHA-2/3, it is not the only one providing such level of performance. Specifically, KangarooTwelve reaches approximately the same throughput as BLAKE3 on an Intel Cascade Lake-SP 8275CL mentioned above, as per BLAKE3 authors' own benchmark. This result is also coherent with KangarooTwelve authors' own benchmark. Conversely, according to the figures provided by BLAKE3's authors, BLAKE3 appears to significantly beat KangarooTwelve on a Raspberry Pi Zero using a 32-bit ARM1176 processor.

When it comes to BLAKE3 security, its authors claim it to be 128-bit secure for all security goals, including preimage, collision, or differentiability attacks. This means BLAKE3 is as secure as SHA3-256 and other hashes that also target 128-bit security. In this respect, the biggest concern for many is BLAKE3 using only seven rounds, down from 12 in BLAKE2 and other hashes. According to some Reddit commenters, for example, this could mean BLAKE3 is less secure against future, currently unknown attacks that are not yet included in current crypto-analysis. This is a highly debated theme and, in fact, one of BLAKE3's authors, Aumasson, is also the author of "Too Much Crypto", a paper where he argues that many symmetric cryptography primitives use too many rounds and could be made much faster with fewer rounds without impacting their security.

BLAKE3's authors provided a reference implementation for their new hash in Rust, which is available on GitHub. They also rewrote it for C, aiming though to a simpler implementation that does not support multi-threading and is therefore slower. Additionally, Luke Champine ported it to Go, attaining what he himself describes as "not great, not terrible" performance.

It must be noted that while BLAKE3 greatly outperforms other hashes such as BLAKE2 and SHA-2/3, it is not the only one providing such level of performance. Specifically, KangarooTwelve reaches approximately the same throughput as BLAKE3 on an Intel Cascade Lake-SP 8275CL mentioned above, as per BLAKE3 authors' own benchmark. This result is also coherent with KangarooTwelve authors' own benchmark. Conversely, according to the figures provided by BLAKE3's authors, BLAKE3 appears to significantly beat KangarooTwelve on a Raspberry Pi Zero using a 32-bit ARM1176 processor.

When it comes to BLAKE3 security, its authors claim it to be 128-bit secure for all security goals, including preimage, collision, or differentiability attacks. This means BLAKE3 is as secure as SHA3-256 and other hashes that also target 128-bit security. In this respect, the biggest concern for many is BLAKE3 using only seven rounds, down from 12 in BLAKE2 and other hashes. According to some Reddit commenters, for example, this could mean BLAKE3 is less secure against future, currently unknown attacks that are not yet included in current crypto-analysis. This is a highly debated theme and, in fact, one of BLAKE3's authors, Aumasson, is also the author of "Too Much Crypto", a paper where he argues that many symmetric cryptography primitives use too many rounds and could be made much faster with fewer rounds without impacting their security.

BLAKE3's authors provided a reference implementation for their new hash in Rust, which is available on GitHub. They also rewrote it for C, aiming though to a simpler implementation that does not support multi-threading and is therefore slower. Additionally, Luke Champine ported it to Go, attaining what he himself describes as "not great, not terrible" performance.