如何看待微軟發布的一個87K的庫帶了約760M測試數據?

https://twitter.com/bcrypt/status/674681155807916032


是這樣的,那個庫是 MSR 出的一個用 JavaScript 寫的加密庫:Microsoft Research JavaScript Cryptography Library

MSR JavaScript Cryptography Library

The Microsoft Research JavaScript Cryptography Library has been developed for use with cloud services in an HTML5 compliant and forward-looking manner. The algorithms are exposed via the W3C WebCrypto interface, and are tested against the Microsoft Edge implementation of that interface. The library currently supports RSA encrypt/decrypt (PKCS#1 v1.5, OAEP, and PSS), AES-CBC and GCM encrypt/decrypt, SHA-256/384/512, HMAC with supported hash functions, PRNG (AES-CTR based) as specified by NIST, ECDH, ECDSA, and KDF (Concat mode). The library is tested on IE8,9,10,11, Microsoft Edge and latest Firefox, Chrome, Opera, and Safari browsers. This library includes big-number integer arithmetic to support the aforementioned cryptographic algorithms. It supports unsigned big integer arithmetic with addition, subtraction, multiplication, division, reduction, inversion, GCD, extended Euclidean algorithm (EEA), Montgomery multiplication, and modular exponentiation. It provides useful utility functions, such as endianness management and conversion routines. The big integer library is likely to change in future releases. There are also unit tests and some sample code. This library is under active development. Future updates to this library may change the programming interfaces.

眾所周知加密解密為了保證安全,需要的測試要比普通程序嚴謹很多,而且這個加密庫實現了多種演算法,測試量自然水漲船高了。


出Bug的時候你們怪人家不好好測試,

現在又嫌人家測試數據太多。

真難伺候。


樓主搭電梯時候有沒有想過為啥帶個百十來斤的樓主上樓需要一個好幾百斤的鐵皮箱子,為啥不能吊根繩下來拉著繩上去呢


所以微軟的東西bug就是比較少啊。


imagenet笑而不語啊


Apple http://iCloud.com 之前把測試數據發布到正式版,下載到用戶瀏覽器里呢,怎麼看,嚴謹哈。


寫一個語音模型訓練程序幾百k 測試它用的數據少說也得幾十g吧


大公司的嚴謹


大公司的嚴謹和死板。

當年就有人提到說微軟的Surface賣的不好部分原因是Surface RT (Runtime)這個名字起得不好,

這兩件事情如出一轍,都只是站在工程師的角度考慮,不會站在普通用戶的角度。

為了顯示自己的嚴謹完全可以把測試數據分開下載,

一般的用戶:我就是想單純的用個庫,怎麼測試的干我鳥事


推薦閱讀:

中國五大銀行的加密方式主要用的什麼方式?
如何理解"語義安全(semantic security)"?
如何在公開情況下進行私密通訊?
學過密碼學的人會不會自己創造一套密碼?
在讀密碼學英文文獻的時候,總是會遇到一些專業辭彙或短語搭配,但是上網查找又查不到,有什麼好辦法呢?

TAG:微軟Microsoft | JavaScript | 密碼學 | 釣魚廣義的 |