Home Original page

Replace "github.com/minio/blake2b-simd" with "golang.org/x/crypto/blake2b"

"github.com/minio/blake2b-simd" is no longer maintained since 6 years ago. "golang.org/x/crypto/blake2b" can provide the same functionality with better performance and it is officially maintained by "golang.org".

A simple benchmark is here:

package main

import (
	"testing"

	b1 "github.com/minio/blake2b-simd"
	b2 "golang.org/x/crypto/blake2b"
)

var data = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890{}")

func BenchmarkMinioBlake2b(b *testing.B) {
	b.RunParallel(func(p *testing.PB) {
		for p.Next() {
			h := b1.New256()
			for range 100 {
				h.Write(data)
			}
			h.Sum(nil)
		}
	})
}

func BenchmarkXCryptoBlake2b(b *testing.B) {
	b.RunParallel(func(p *testing.PB) {
		for p.Next() {
			h, _ := b2.New256(nil)
			for range 100 {
				h.Write(data)
			}
			h.Sum(nil)
		}
	})
}

The result is:

goos: linux
goarch: amd64
pkg: blake2bbench
cpu: Intel(R) Core(TM) i5-10200H CPU @ 2.40GHz
BenchmarkMinioBlake2b-8           743415              1540 ns/op              32 B/op          1 allocs/op
BenchmarkXCryptoBlake2b-8         915026              1294 ns/op             416 B/op          2 allocs/op
PASS
ok      blake2bbench    3.301s

"golang.org/x/crypto/blake2b" is about 15% faster than "github.com/minio/blake2b-simd".

I think it is worth to replace this dependency because of both security and perfermance.