fun signersMustHaveCaBitSet() {
    val attackerCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(4)
        .commonName("attacker ca")
        .build()
    val attackerIntermediate =
      HeldCertificate
        .Builder()
        .serialNumber(2L)
        .certificateAuthority(3)
        .commonName("attacker")
        .signedBy(attackerCa)

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

    @Nonnull
    Optional<Path> getPath(@Nonnull Project project);

    /**
     * Returns an immutable collection of attached artifacts for the given project.
     * Attached artifacts are secondary artifacts produced during the build (e.g., sources jar,
     * javadoc jar, test jars). These artifacts are created and attached during specific
     * lifecycle phases, so the collection contents depend on the build phase when this method
     * is called.

  fun headers(name: String): List<String> = headers.values(name)

  /** Returns the tag attached with [T] as a key, or null if no tag is attached with that key. */
  @JvmName("reifiedTag")
  inline fun <reified T : Any> tag(): T? = tag(T::class)

  /** Returns the tag attached with [type] as a key, or null if no tag is attached with that key. */
  fun <T : Any> tag(type: KClass<T>): T? = type.java.cast(tags[type])

  /**

    # Return some error
    ...
```

Pero al usar `secrets.compare_digest()` será seguro contra un tipo de ataques llamados "timing attacks".

### Timing Attacks

¿Pero qué es un "timing attack"?

Imaginemos que algunos atacantes están tratando de adivinar el nombre de usuario y la contraseña.

Y envían un request con un nombre de usuario `johndoe` y una contraseña `love123`.

		return errServerNotInitialized
	}

	started := tracker.Started
	if started.IsZero() || started.Equal(timeSentinel) {
		healingLogIf(ctx, fmt.Errorf("unexpected tracker healing start time found: %v", started))
		started = time.Time{}
	}

	// Final tracer update before quitting
	defer func() {
		tracker.setObject("")
		tracker.setBucket("")
		healingLogIf(ctx, tracker.update(ctx))
	}()

import jcifs.internal.smb2.nego.PreauthIntegrityNegotiateContext;

/**
 * Enhanced Pre-Authentication Integrity Service for SMB 3.1.1.
 *
 * Provides comprehensive pre-authentication integrity protection against
 * downgrade attacks by maintaining cryptographic hash chains of all
 * negotiation and session setup messages.
 */
public class PreauthIntegrityService {

    # Return some error
    ...
```

Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks" (ataques de temporização).

### Ataques de Temporização

Mas o que é um "timing attack" (ataque de temporização)?

Vamos imaginar que alguns invasores estão tentando adivinhar o usuário e a senha.

		tracker.resetHealing()
		bugLogIf(ctx, tracker.update(ctx))

		return errRetryHealing
	}

	if tracker.ItemsFailed > 0 {
		healingLogEvent(ctx, "Healing of drive '%s' is incomplete, retried %d times (healed: %d, skipped: %d, failed: %d).", disk,
			tracker.RetryAttempts, tracker.ItemsHealed, tracker.ItemsSkipped, tracker.ItemsFailed)

     * @return session instance with the given type
     */
    <T extends SmbSession> T unwrap(Class<T> type);

    /**
     * Returns the CIFS context that this session is attached to.
     *
     * @return the context this session is attached to
     */
    CIFSContext getContext();