wantErr: policyCondFailedErr,
		},
		{
			name:    "incorrect bucket name",
			fv:      defaultFormVals.Clone().Set("Bucket", "incorrect"),
			wantErr: policyCondFailedErr,
		},
		{
			name:    "incorrect ContentType",
			fv:      defaultFormVals.Clone().Set(xhttp.ContentType, "incorrect"),
			wantErr: policyCondFailedErr,
		},
		{
			name:    "incorrect X-Amz-Algorithm",

     * Array of descriptive strings for each DOS error condition.
     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",

     * Array of descriptive strings for each DOS error condition.
     */
    String[] DOS_ERROR_MESSAGES = { "The operation completed successfully.", "Incorrect function.", "Incorrect function.",
            "The system cannot find the file specified.", "Bad password.", "The system cannot find the path specified.", "reserved",

#### The time to answer helps the attackers { #the-time-to-answer-helps-the-attackers }

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

  public void testEntrySet_hashCode_size0() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code", 0, getMultiset().entrySet().hashCode());
  }

  @CollectionSize.Require(ONE)
  public void testEntrySet_hashCode_size1() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code",
        1 ^ e0().hashCode(),
        getMultiset().entrySet().hashCode());
  }

  public void testEntrySet_hashCode_size0() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code", 0, getMultiset().entrySet().hashCode());
  }

  @CollectionSize.Require(ONE)
  public void testEntrySet_hashCode_size1() {
    assertEquals(
        "multiset.entrySet() has incorrect hash code",
        1 ^ e0().hashCode(),
        getMultiset().entrySet().hashCode());
  }

그런데 공격자들이 사용자명을 `stanleyjobsox`, 비밀번호를 `love123`으로 다시 시도합니다.

그러면 애플리케이션 코드는 다음과 비슷하게 동작합니다:

```Python
if "stanleyjobsox" == "stanleyjobson" and "love123" == "swordfish":
    ...
```

Python은 두 문자열이 같지 않다는 것을 알아차리기 전까지 `stanleyjobsox`와 `stanleyjobson` 양쪽의 `stanleyjobso` 전체를 비교해야 합니다. 그래서 "Incorrect username or password"라고 응답하기까지 추가로 몇 마이크로초가 더 걸릴 것입니다.

        assertTrue(a.getScope().equals("test"), "Incorrect scope for " + a.getDependencyConflictId());

        // transitive dep, overridden b depMgmt
        assertTrue(b.getScope().equals("runtime"), "Incorrect scope for " + b.getDependencyConflictId());

        // direct dep, overrides depMgmt
        assertTrue(c.getScope().equals("runtime"), "Incorrect scope for " + c.getDependencyConflictId());
    }

     */
    String[] NT_STATUS_MESSAGES = { "The operation completed successfully.", "A device attached to the system is not functioning.",
            "Incorrect function.", "The parameter is incorrect.", "Invalid access to memory location.", "The handle is invalid.",
            "The parameter is incorrect.", "The system cannot find the file specified.", "The system cannot find the file specified.",

    if not user_dict:
        raise HTTPException(status_code=400, detail="Incorrect username or password")
    user = UserInDB(**user_dict)
    hashed_password = fake_hash_password(form_data.password)
    if not hashed_password == user.hashed_password:
        raise HTTPException(status_code=400, detail="Incorrect username or password")

    return {"access_token": user.username, "token_type": "bearer"}