double avgTime = timings.stream().mapToLong(Long::longValue).average().orElse(0.0);
                long maxTime = timings.stream().mapToLong(Long::longValue).max().orElse(0L);
                long minTime = timings.stream().mapToLong(Long::longValue).min().orElse(0L);

                double variance = (maxTime - minTime) / avgTime;
                // JVM timing in concurrent scenarios is inherently variable

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

import org.codelibs.fess.exception.FessSystemException;
import org.codelibs.fess.util.ComponentUtil;

/**
 * Helper class for controlling crawler execution intervals and timing.
 * This class manages crawler execution timing based on configurable rules
 * that can specify different delays for different time periods and days.
 */
public class IntervalControlHelper {

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 어떤 오류를 반환
    ...
```

하지만 `secrets.compare_digest()`를 사용하면 "timing attacks"라고 불리는 한 유형의 공격에 대해 안전해집니다.

### 타이밍 공격 { #timing-attacks }

그렇다면 "timing attack"이란 무엇일까요?

공격자들이 사용자명과 비밀번호를 추측하려고 한다고 가정해봅시다.

그리고 사용자명 `johndoe`, 비밀번호 `love123`으로 요청을 보냅니다.

그러면 애플리케이션의 Python 코드는 대략 다음과 같을 것입니다:

```Python

* load balancer: load balancer (do not translate to "balanceador de carga")
* load balance: load balance (do not translate to "balancear carga")
* self hosting: self hosting (do not translate to "auto alojamiento")

    /**
     * Attaches [tag] to the request using [T] as a key. Tags can be read from a request using
     * [Request.tag]. Use null to remove any existing tag assigned for [T].
     *
     * Use this API to attach timing, debugging, or other application data to a request so that
     * you may read it in interceptors, event listeners, or callbacks.
     */
    @JvmName("reifiedTag")

        return new EncryptionResult(ciphertext, authTag);
    }

    /**
     * Perform constant-time encryption to prevent timing attacks
     */
    private byte[] performConstantTimeEncryption(Cipher cipher, byte[] message) throws Exception {
        // Pad to fixed block size to prevent timing leaks
        int blockSize = cipher.getBlockSize();
        if (blockSize == 0)
            blockSize = 16; // GCM mode

 * whereToDiffer} produces no observable change in performance. We want to make sure that the array
 * equals implementation is *not* short-circuiting to prevent timing-based attacks. Being fast is
 * only a secondary goal.
 *
 * @author Kurt Alfred Kluever
 */
@NullUnmarked
public class HashCodeBenchmark {

* Pydantic model: Pydantic-модель (`модель Pydantic` and `Pydantic модель` are also fine)
* declare: объявить
* have the next best performance, after: быть на следующем месте по производительности после
* timing attack: тайминговая атака (clarify `атака по времени` if needed)
* OAuth2 scope: OAuth2 scope (clarify `область` if needed)
* TLS Termination Proxy: прокси-сервер TSL-терминации
* utilize (resources): использовать

 * whereToDiffer} produces no observable change in performance. We want to make sure that the array
 * equals implementation is *not* short-circuiting to prevent timing-based attacks. Being fast is
 * only a secondary goal.
 *
 * @author Kurt Alfred Kluever
 */
@NullUnmarked
public class HashCodeBenchmark {