public void secureWipeKeys() {
        if (this.encryptionKey != null) {
            // Multi-pass secure wipe for enhanced security
            SecureKeyManager.secureWipe(this.encryptionKey);
            this.encryptionKey = null;
        }
        if (this.decryptionKey != null) {
            // Multi-pass secure wipe for enhanced security
            SecureKeyManager.secureWipe(this.decryptionKey);
            this.decryptionKey = null;

    private static final String MESSAGE =
        "Guava cannot securely create temporary files or directories under SDK versions before"
            + " Jelly Bean. You can create one yourself, either in the insecure default directory"
            + " or in a more secure directory, such as context.getCacheDir(). For more information,"
            + " see the Javadoc for Files.createTempDir().";

 */
package jcifs.util;

import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;

 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.internal.smb2;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.concurrent.locks.ReentrantLock;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Secure credential storage with encryption at rest.
 *
 * Provides secure storage of passwords and other sensitive credentials
 * using AES-GCM encryption with PBKDF2 key derivation.
 *

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

package jcifs.smb;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.concurrent.atomic.AtomicInteger;

import javax.crypto.Cipher;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.util.Arrays;

        // Then
        assertNotNull(nonce1, "First secure nonce should not be null");
        assertNotNull(nonce2, "Second secure nonce should not be null");
        assertFalse(Arrays.equals(nonce1, nonce2), "Secure nonces should be different");
        assertTrue(nonce1.length > 0, "Secure nonce should have proper length");
    }

    @Test
    @DisplayName("Should handle concurrent secure nonce generation safely")

            }
        } finally {
            correctAuth.close();
            wrongAuth.close();
        }
    }

    /**
     * Test that null and empty password comparisons are handled securely.
     */
    @Test
    public void testNullAndEmptyPasswordSecurity() {
        NtlmPasswordAuthenticator auth1 = new NtlmPasswordAuthenticator("domain", "user", (String) null);

 * </ul>
 * <p>
 * <strong>Security Considerations:</strong>
 * </p>
 * <ul>
 * <li>Default Blowfish algorithm is suitable for general-purpose encryption</li>
 * <li>For high-security applications, consider using AES with GCM mode via {@link #setAlgorithm(String)} and {@link #setTransformation(String)}</li>
 * <li>Ensure keys are securely generated and stored</li>

import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

import javax.security.auth.Subject;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;