How do you define “more secure”?

md5 and SHA1 are broken, so probably…. Has this had as any eyes as SHA256/512?

I know I shouldn’t mention the NSA and NIST, but those guys are the people who approve algorithms for US Gov. what do they say?

If us gov (read NSA) approves some algorithms it's safe to assume that no one should use them anywhere.

No, it does not.

The U.S government is very interested in having secure algorithms that companies can use and be secure against espionage from rival powers.

The NSA were the first to imply that they had broken RC4, MD5 and SHA1. Based on previous recommendations and statements the NSA has made, it's estimated that their cryptographic knowledge and techniques are at least 10 years ahead of what is available in academia (although Google seem to be catching them). What tends to happen is that NIST change their recommendations and 5 years later we figure out why... In any case, you can't sell to US government without using algorithms they approve so - yeah those are the ones that you need to use.

The question is who is claiming BLAKE3 is better, and what puts them in a position to make that claim. If BLAKE3 is broken, it's probably going to be broken by the NSA first, and they aren't going to tell anyone (unless it's an algorithm they recommend for US Gov usage).

Of course, the NSA have screwed up in the past, but they are still the "experts" until someone else (Google?) pays that many people to seriously work on computer security.

nope, they care more about the us govt backdooring them so that the nsa can spy on the whole world.

LOL that people actually think the NSA needs to release broken crypto. It's much easier to get a job as a janitor and stick a USB stick into any computer you need to... For some reason we simply accept "if you have physical access you can get all the data". In any case, it's a bit of PITA if someone notices your vulnerability and fixes it.

NSA was also the ones sending their people into crypto organizations to put magic numbers into the algorithms that made cracking easy. The US government doesn't care about people or companies unless they posses information damaging to the politicians in charge.

I think you are referring to the S-boxes in SHA1. Yes - no-one understood what they did at the time and it was suspicious, but they held up cryptanalysis for 5 years more than the algorithm would have without them. Since then we realised "hey, maybe those guys did know what they were doing"

Blake3 is based on Blake2 which is based on ChaCha/Salsa's permutation, and Blake2 has received quite some cryptanalysis and was found to be very conservative. Too conservative for the authors, actually, which is why they reduced the number of rounds for Blake3 to gain some speed.

The majority of speed however comes from parallelized hashing of chunks of a file and combining the resulting hashes in a tree-like structure until you're at the root and have a single hash for the full file.