In HTTP Basic Auth, the application expects a header that contains a username and a password.

If it doesn't receive it, it returns an HTTP 401 "Unauthorized" error.

And returns a header `WWW-Authenticate` with a value of `Basic`, and an optional `realm` parameter.

That tells the browser to show the integrated prompt for a username and password.

Then, when you type that username and password, the browser sends them in the header automatically.

# Rules for building and testing new FIPS snapshots.
# For example:
#
#	make v1.2.3.zip
#	make v1.2.3.test
#
# and then if changes are needed, check them into master
# and run 'make v1.2.3.rm' and repeat.
#
# Note that once published a snapshot zip file should never
# be modified. We record the sha256 hashes of the zip files
# in fips140.sum, and the cmd/go/internal/fips140 test checks

    /**
     * Moderate trust - it was deployed directly by a user.
     */
    public static final ArtifactStatus DEPLOYED = new ArtifactStatus("deployed", 4);

    /**
     * Trusted, as it has had its data verified by hand.
     */
    public static final ArtifactStatus VERIFIED = new ArtifactStatus("verified", 5);

    private final int rank;

    private final String key;

// This input was created by taking the instruction productions in
// the old assembler's (8a's) grammar and hand-writing complete
// instructions for each rule, to guarantee we cover the same space.

#include "../../../../../runtime/textflag.h"

TEXT foo(SB), DUPOK|NOSPLIT, $0

// LTYPE1 nonrem	{ outcode(int($1), &$2); }
	SETCC	AX
	SETCC	foo+4(SB)

// LTYPE2 rimnon	{ outcode(int($1), &$2); }
	DIVB	AX
	DIVB	foo+4(SB)
	PUSHL	$foo+4(SB)

// license that can be found in the LICENSE file.

// This input was created by taking the mips64 testcase and modified
// by hand.

#include "../../../../../runtime/textflag.h"

TEXT foo(SB),DUPOK|NOSPLIT,$0

	//inst:
	//
	// load ints and bytes
	//
	//	LMOVW rreg ',' rreg
	//	{
	//		outcode(int($1), &$2, 0, &$4);
	//	}
	MOVW	R1, R2
	MOVW	LO, R1
	MOVW	HI, R1

     * then it behaves as "ordinary relocation": the coordinate is preserved from relocated artifact.
     * Finally, if right hand <code>GAV</code> is absent (line looks like <code>GAV&gt;</code>), the left hand matching
     * <code>GAV</code> is banned fully (from resolving).
     * <br/>

// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// This input was created by taking the instruction productions in
// the old assembler's (6a's) grammar and hand-writing complete
// instructions for each rule, to guarantee we cover the same space.

#include "../../../../../runtime/textflag.h"

TEXT	foo(SB), DUPOK|NOSPLIT, $0

// LTYPE1 nonrem	{ outcode($1, &$2); }
	NEGQ	R11

      <description><![CDATA[
        This is the file specification used to activate a profile. The missing value will be a the location
        of a file that needs to exist, and if it doesn't the profile must run.  On the other hand exists will test
        for the existence of the file and if it is there will run the profile.
      ]]></description>
      <fields>
        <field>
          <name>missing</name>
          <version>1.0.0</version>

Und dann können sie es noch einmal versuchen, wohl wissend, dass es wahrscheinlich eher etwas mit `stanleyjobsox` als mit `johndoe` zu tun hat.

#### Ein „professioneller“ Angriff

Natürlich würden die Angreifer das alles nicht von Hand versuchen, sondern ein Programm dafür schreiben, möglicherweise mit Tausenden oder Millionen Tests pro Sekunde. Und würden jeweils nur einen zusätzlichen richtigen Buchstaben erhalten.

	ROTR	$12, R8		// 00284302
	ROTRV	$63, R22	// 0036b7fe


//	LAND/LXOR/LNOR/LOR rreg ',' rreg
//	{
//		outcode(int($1), &$2, 0, &$4);
//	}
	AND	R14, R8		// 010e4024
	XOR	R15, R9		// 012f4826
	NOR	R16, R10	// 01505027
	OR	R17, R11	// 01715825

//	LAND/LXOR/LOR imm ',' rreg
//	{
//		outcode(int($1), &$2, 0, &$4);
//	}
	AND	$11, R17, R7	// 3227000b
	XOR	$341, R1, R23	// 38370155