# Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

### Hardware attacks

Physical GPUs or TPUs can also be the target of attacks. [Published
research](https://scholar.google.com/scholar?q=gpu+side+channel) shows that it
might be possible to use side channel attacks on the GPU to leak data from other
running models or processes in the same system. GPUs can also have
implementation bugs that might allow attackers to leave malicious code running

    # Return some error
    ...
```

Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks" (ataques de temporização).

### Ataques de Temporização { #timing-attacks }

Mas o que é um "timing attack" (ataque de temporização)?

Vamos imaginar que alguns invasores estão tentando adivinhar o usuário e a senha.

/**
 * Utility for serializing objects with security protections.
 * <p>
 * This utility provides object serialization and deserialization with built-in
 * security protections against deserialization attacks. By default, it uses an
 * ObjectInputFilter to restrict which classes can be deserialized.
 * </p>
 * <p>
 * The default filter allows common safe classes like primitives, arrays, String,

/**
 * Utility class for handling {@link File}.
 * <p>
 * <strong>SECURITY NOTE:</strong> When accepting file paths from untrusted sources,
 * always validate them using {@link #isPathSafe(Path, Path)} to prevent path traversal attacks.
 * Methods that accept path strings do not perform automatic validation to maintain backward compatibility.
 * </p>
 *
 * @author higa
 */
public abstract class FileUtil {

    /**
     * Do not instantiate.

 */
package jcifs.ntlmssp.av;

import jcifs.internal.util.SMBUtil;

/**
 * NTLMSSP AV pair representing timestamp information in NTLM authentication.
 * Contains time-based data used to prevent replay attacks and ensure message freshness.
 *
 * @author mbechler
 */
public class AvTimestamp extends AvPair {

    /**
     * Constructs an AvTimestamp from raw byte data
     *

Замечая, что сервер прислал «Неверное имя пользователя или пароль» на несколько микросекунд позже, злоумышленники поймут, что какая-то часть была угадана — начальные буквы верны.

Тогда они могут попробовать снова, зная, что правильнее что-то ближе к `stanleyjobsox`, чем к `johndoe`.

#### «Профессиональная» атака { #a-professional-attack }

    return text % make_authorization_url()


def make_authorization_url():
    # Generate a random string for the state parameter
    # Save it for use later to prevent xsrf attacks

    state = str(uuid4())
    params = {"client_id": client_id,
              "response_type": "code",
              "state": state,
              "redirect_uri": callback_uri,
              "scope": "openid"}

- **Encryption Context**: Per-session encryption state management
- **Key Derivation**: SMB3 KDF implementation with dialect-specific parameters
- **Pre-Authentication Integrity**: SMB 3.1.1 PAI for preventing downgrade attacks
- **Automatic Detection**: Encryption automatically enabled when servers require it
- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features

import java.util.Collection;
import java.util.Map;
import org.jspecify.annotations.Nullable;

/**
 * An implementation of ImmutableMultiset backed by a JDK Map and a list of entries. Used to protect
 * against hash flooding attacks.
 *
 * @author Louis Wasserman
 */
@GwtCompatible
final class JdkBackedImmutableMultiset<E> extends ImmutableMultiset<E> {
  private final Map<E, Integer> delegateMap;
  private final ImmutableList<Entry<E>> entries;