Der Dieb kann also nicht versuchen, die gleichen Passwörter in einem anderen System zu verwenden (da viele Benutzer überall das gleiche Passwort verwenden, wäre dies gefährlich).

## `pwdlib` installieren { #install-pwdlib }

pwdlib ist ein großartiges Python-Package, um Passwort-Hashes zu handhaben.

If your database is stolen, the thief won't have your users' plaintext passwords, only the hashes.

So, the thief won't be able to try to use that password in another system (as many users use the same password everywhere, this would be dangerous).

## Install `pwdlib` { #install-pwdlib }

pwdlib is a great Python package to handle password hashes.

It supports many secure hashing algorithms and utilities to work with them.

 */
@NullUnmarked
public class HashingOutputStreamTest extends TestCase {
  private Hasher hasher;
  private HashFunction hashFunction;
  private final ByteArrayOutputStream buffer = new ByteArrayOutputStream();

  @SuppressWarnings("DoNotMock")
  @Override
  protected void setUp() throws Exception {
    super.setUp();
    hasher = mock(Hasher.class);
    hashFunction = mock(HashFunction.class);

    assertThrows(IllegalStateException.class, () -> hasher.putInt(42));
  }

  public void testHashTwice() {
    Hasher hasher = sha512().newHasher();

    assertThat(
            hasher
                .putString("The quick brown fox jumps over the lazy dog", UTF_8)
                .hash()
                .toString())

    assertThat(map.values().toString()).isEqualTo("[" + JOINER.join(map.values()) + "]");

    assertEquals(new HashSet<>(map.entrySet()), map.entrySet());
    assertEquals(new HashSet<>(map.keySet()), map.keySet());
  }

    assertThat(map.values().toString()).isEqualTo("[" + JOINER.join(map.values()) + "]");

    assertEquals(new HashSet<>(map.entrySet()), map.entrySet());
    assertEquals(new HashSet<>(map.keySet()), map.keySet());
  }

        .isEqualTo(InetAddresses.forString("0.0.0.0"));

    // test compat address (should be hashed)
    assertThat(InetAddresses.getCoercedIPv4Address(InetAddresses.forString("::1.2.3.4")))
        .isNotEqualTo(InetAddresses.forString("1.2.3.4"));

    // test 6to4 address (should be hashed)
    assertThat(InetAddresses.getCoercedIPv4Address(InetAddresses.forString("2002:0102:0304::1")))

        Set<String> roleSet = new HashSet<>();
        roleQueryHelperImpl.processParameter(request, roleSet);
        return roleSet;
    }

    private Set<String> buildByHeader(final RoleQueryHelper roleQueryHelperImpl, final HttpServletRequest request) {
        Set<String> roleSet = new HashSet<>();
        roleQueryHelperImpl.processHeader(request, roleSet);
        return roleSet;

  public void testParanoid() {
    HashFn hf =
        new HashFn() {
          @Override
          public byte[] hash(byte[] input, int seed) {
            Hasher hasher = murmur3_128(seed).newHasher();
            byteArrayFunnel().funnel(input, hasher);
            return hasher.hash().asBytes();
          }
        };
    // Murmur3F, MurmurHash3 for x64, 128-bit (MurmurHash3_x64_128)

    @CanIgnoreReturnValue
    @Override
    public Hasher putInt(int i) {
      update(4, i);
      return this;
    }

    @CanIgnoreReturnValue
    @Override
    public Hasher putLong(long l) {
      update(4, (int) l);
      update(4, l >>> 32);
      return this;
    }

    @CanIgnoreReturnValue
    @Override
    public Hasher putChar(char c) {
      update(2, c);
      return this;