If you think you found a vulnerability, and even if you are not sure about it, please report it right away by sending an email to: ******@****.***. Please try to be as explicit as possible, describing all the steps and example code to reproduce the security issue.

I (the author, [@tiangolo](https://x.com/tiangolo)) will review it thoroughly and get back to you.

## Public Discussions

* If you can't understand the question, ask for more **details**.

### Reproduce the problem { #reproduce-the-problem }

For most of the cases and most of the questions there's something related to the person's **original code**.

In many cases they will only copy a fragment of the code, but that's not enough to **reproduce the problem**.

// are met:
// 1. Redistributions of source code must retain the above copyright
//    notice, this list of conditions and the following disclaimer.
// 2. Redistributions in binary form must reproduce the above copyright
//    notice, this list of conditions and the following disclaimer in the
//    documentation and/or other materials provided with the distribution.
//

* Si no puedes entender la pregunta, pide más **detalles**.

### Reproduce el problema

En la mayoría de los casos y preguntas hay algo relacionado con el **código original** de la persona.

        byte[] signingKey2 = Smb3KeyDerivation.deriveSigningKey(dialect, sessionKey, preauthIntegrity);

        // Then - should produce identical results
        assertArrayEquals(signingKey1, signingKey2, "Same input should produce same output");
    }

    @Test
    @DisplayName("Should handle empty session key")
    void testDeriveKeys_EmptySessionKey() {
        // Given

        hmac.engineUpdate(TEST_DATA, 0, TEST_DATA.length);
        byte[] result2 = hmac.engineDigest();

        // Should produce the same result
        assertArrayEquals(result1, result2);
    }

    @Test
    void testDifferentKeysProduceDifferentResults() {
        // Test that different keys produce different results
        byte[] key1 = "key1".getBytes();
        byte[] key2 = "key2".getBytes();

        // Assert
        assertArrayEquals(expected, actual, "NT hash must match known test vector");
    }

    @Test
    @DisplayName("getNTHash: verify different passwords produce different hashes")
    void testGetNTHash_differentPasswords() {
        // Arrange
        String password1 = "password";
        String password2 = "Password";

        // Act

            if (input == null || input.isEmpty()) {
                assertEquals(0, result.length, "Null or empty input should produce empty array");
            } else {
                assertTrue(result.length > 0, "Non-empty input should produce non-empty array");
            }
        }
    }

    @Nested
    @DisplayName("Unicode and ASCII Encoding")
    class UnicodeAndASCIITests {

        // When
        MessageDigest hmac = Crypto.getHMACT64(key);
        byte[] result = hmac.digest(data);

        // Then
        assertNotNull(result);
        assertTrue(result.length > 0, "HMAC-T64 should produce non-empty result");
    }

    @Test
    @DisplayName("Should perform RC4 encryption/decryption")
    void testRC4() throws Exception {
        // Given
        byte[] key = "testkey123456789".getBytes(); // 16 bytes

        byte[] buffer2 = new byte[200];
        int encoded2 = request2.encode(buffer2, 0);
        assertEquals(request2.size(), encoded2);
    }

    @Test
    @DisplayName("Test multiple encodes produce same result")
    void testMultipleEncodesProduceSameResult() {
        // Setup
        String pipeName = "RepeatedEncode";
        long timeout = 3000L;