undefined | Better HN

0 pointslelanthran1mo ago0 comments

Are you talking about the cipher tests that are run when any cipher library is loaded?

There's a reason they do that and it's not for shits and giggles. You could find yourself with broken ciphers and not know it.

Skipping the cipher (or hash - not sure now) tests seem like a good way to get exploited.

0 comments

nvme0n1p11mo ago

Zig doesn't run any code from the dll that never gets loaded, of course. Why run tests for code that is never called? If another part of your app does load the dll, the tests will still run.

josephcsible1mo ago

> Skipping the cipher (or hash - not sure now) tests seem like a good way to get exploited.

Can you explain how? That doesn't seem plausible.

j / k navigate · click thread line to collapse