diff --git a/CHANGELOG.md b/CHANGELOG.md
index d5c87db..d340e26 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+
+### Changed
+
+- Implement `BLAKE3` for PIN hashing.
+
 ## [1.2.2] - 2023-01-25
 ### Fixed
diff --git a/src/ZGoBackend.hs b/src/ZGoBackend.hs
index 8485a92..db35406 100644
--- a/src/ZGoBackend.hs
+++ b/src/ZGoBackend.hs
@@ -797,6 +797,10 @@ routes pipe config = do
 post "/api/validateuser" $ do
 providedPin <- param "pin"
 sess <- param "session"
+ let pinHash =
+ BLK.hash
+ [ BA.pack . BS.unpack . C.pack . T.unpack $ providedPin <> sess :: BA.Bytes
+ ]
 user <- liftAndCatchIO $ run (findUser sess)
 case user of
 Nothing -> status noContent204 --`debug` "No user match"
@@ -805,7 +809,10 @@ routes pipe config = do
 case parsedUser of
 Nothing -> status noContent204 --`debug` "Couldn't parse user"
 Just pUser -> do
- let ans = upin pUser == T.pack providedPin
+ let ans =
+ upin pUser ==
+ (T.pack . show $
+ (pinHash :: BLK.Digest BLK.DEFAULT_DIGEST_LEN))
 if ans
 then do
 liftAndCatchIO $ run (validateUser sess)
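Review bot: BLAKE3 is a fast general-purpose hash, so hashing `providedPin <> sess` with it in `pinHash` gives little resistance to offline guessing of a short PIN if the stored `upin` values are ever exposed; a deliberately slow, salted password-hashing function (Argon2id, scrypt or PBKDF2) would fit this value better. The byte conversion `BA.pack . BS.unpack . C.pack . T.unpack` also looks lossy: if `C` is `Data.ByteString.Char8`, its `pack` truncates every character above U+00FF to 8 bits, so distinct inputs can hash identically, and encoding with `encodeUtf8` from `Data.Text.Encoding` before hashing would avoid that. The two fields are concatenated without a separator or length prefix, which leaves the PIN/session boundary ambiguous and deserves at least a comment such as `-- PIN is bound to the session id; fields are concatenated without a delimiter`. The enclosing `routes` handler starts and ends outside this hunk.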
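Review bot: The stored PIN is compared with `==` on `T.pack . show $ pinHash`, which ties the persisted format to the `Show` instance of `BLK.Digest` and is not a constant-time comparison. Comparing the digest bytes with a constant-time equality (for example `BA.constEq`, assuming `BA` is `Data.ByteArray`) and encoding the digest explicitly rather than through `show` would be more robust. The annotation `:: BLK.Digest BLK.DEFAULT_DIGEST_LEN` would read better on the `let pinHash` binding in the earlier hunk than at this use site. The code that writes `upin` is not part of this diff, so it should be confirmed that it hashes the same PIN-and-session input and that existing plain-text PINs are migrated or invalidated; the handler continues past the end of the hunk.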