* Array of descriptive strings for each DOS error condition.
     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",

     * Array of descriptive strings for each DOS error condition.
     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",

#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

  public void testEntrySet_hashCode_size0() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code", 0, getMultiset().entrySet().hashCode());
  }

  @CollectionSize.Require(ONE)
  public void testEntrySet_hashCode_size1() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code",
        1 ^ e0().hashCode(),
        getMultiset().entrySet().hashCode());
  }

  public void testEntrySet_hashCode_size0() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code", 0, getMultiset().entrySet().hashCode());
  }

  @CollectionSize.Require(ONE)
  public void testEntrySet_hashCode_size1() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code",
        1 ^ e0().hashCode(),
        getMultiset().entrySet().hashCode());
  }

그런데 공격자들이 사용자명을 `stanleyjobsox`, 비밀번호를 `love123`으로 다시 시도합니다.

그러면 애플리케이션 코드는 다음과 비슷하게 동작합니다:

```Python
if "stanleyjobsox" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

Python은 두 문자열이 같지 않다는 것을 알아차리기 전까지 `stanleyjobsox`와 `stanleyjobson` 양쪽의 `stanleyjobso` 전체를 비교해야 합니다. 그래서 "Incorrect username or password"라고 응답하기까지 추가로 몇 마이크로초가 더 걸릴 것입니다.

        assertTrue(a.getScope().equals("test"), "Incorrect scope for " + a.getDependencyConflictId());

        // transitive dep, overridden b depMgmt
        assertTrue(b.getScope().equals("runtime"), "Incorrect scope for " + b.getDependencyConflictId());

        // direct dep, overrides depMgmt
        assertTrue(c.getScope().equals("runtime"), "Incorrect scope for " + c.getDependencyConflictId());
    }

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}

waarde is onjuist",badDate:"U heeft niet de juiste datum aangegeven",badDomain:"Incorrect domein",badEmail:"U heeft een onjuist e-mailadres ingevoerd ",badInt:"De ingevoerde waarde was een onjuist getal",badNumberOfSelectedOptionsEnd:" antwoorden",badNumberOfSelectedOptionsStart:"U moet tenminste ",badSecurityAnswer:"U heeft de beveilingsvraag onjuist beantwoord",badSecurityNumber:"Uw burgerservicenummer was incorrect",badStrength:"Het wachtwoord is niet veilig genoeg",badTelephone:"U heeft een onjuist...

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}