top | item 47064024

(no title)

nvme0n1p1 | 11 days ago

What makes you think they haven't benchmarked?

Here's one fun example from following development on Zulip: advapi.dll loads bcrypt.dll, which loads bcryptprimitives.dll. bcryptprimitives.dll runs an internal test suite every time it's loaded into any process. So if you can avoid loading advapi.dll, your process will start faster.

discuss

delta_p_delta_x|11 days ago

Is there a source for this? My Google- and GitHub-fu turns up nothing.

lelanthran|11 days ago

He might be talking about cipher test that respected cryptography libs do on initialisation to verify integrity.

Skipping those seem like a really bad idea.

nvme0n1p1|11 days ago

Join their Zulip and search for bcryptprimitives. That's where I got my info.

lelanthran|11 days ago

Are you talking about the cipher tests that are run when any cipher library is loaded?

There's a reason they do that and it's not for shits and giggles. You could find yourself with broken ciphers and not know it.

Skipping the cipher (or hash - not sure now) tests seem like a good way to get exploited.

nvme0n1p1|11 days ago

Zig doesn't run any code from the dll that never gets loaded, of course. Why run tests for code that is never called? If another part of your app does load the dll, the tests will still run.

josephcsible|9 days ago

> Skipping the cipher (or hash - not sure now) tests seem like a good way to get exploited.

Can you explain how? That doesn't seem plausible.