}
	if _, err := newErasureSets(ctx, ep, storageDisks, format, parity, 0); err != nil {
		t.Fatalf("Unable to initialize erasure")
	}
}

// TestHashedLayer - tests the hashed layer which will be returned
// consistently for a given object name.
func TestHashedLayer(t *testing.T) {
	// Test distribution with 16 sets.
	var objs [16]*erasureObjects
	for i := range objs {

        .isEqualTo(InetAddresses.forString("0.0.0.0"));

    // test compat address (should be hashed)
    assertThat(InetAddresses.getCoercedIPv4Address(InetAddresses.forString("::1.2.3.4")))
        .isNotEqualTo(InetAddresses.forString("1.2.3.4"));

    // test 6to4 address (should be hashed)
    assertThat(InetAddresses.getCoercedIPv4Address(InetAddresses.forString("2002:0102:0304::1")))

    ```Python hl_lines="8  49  56-57  60-61  70-76"
    {!> ../../../docs_src/security/tutorial004.py!}
    ```

!!! note
    If you check the new (fake) database `fake_users_db`, you will see how the hashed password looks like now: `"$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQoeG6Lruj3vjPGga31lW"`.

## Handle JWT tokens

Import the modules installed.

Create a random secret key that will be used to sign the JWT tokens.

This is especially the case for user models, because:

* The **input model** needs to be able to have a password.
* The **output model** should not have a password.
* The **database model** would probably need to have a hashed password.

!!! danger
    Never store user's plaintext passwords. Always store a "secure hash" that you can then verify.

                {
                    val schema = projectSchemaFor(pluginRequestsOf(scriptPlugins.first(), uniquePluginRequests)).get()
                    val hashed = HashedProjectSchema(schema)
                    scriptPlugins.map { hashed to it }
                },
                { (error, stdout, stderr) ->
                    reportProjectSchemaError(scriptPlugins, stdout, stderr, error)

	}

	// Symbol definitions
	h.Offsets[goobj.BlkSymdef] = w.Offset()
	for _, s := range ctxt.defs {
		w.Sym(s)
	}

	// Short hashed symbol definitions
	h.Offsets[goobj.BlkHashed64def] = w.Offset()
	for _, s := range ctxt.hashed64defs {
		w.Sym(s)
	}

	// Hashed symbol definitions
	h.Offsets[goobj.BlkHasheddef] = w.Offset()
	for _, s := range ctxt.hasheddefs {
		w.Sym(s)
	}

sealAVX2Tail128:
	// Need to decrypt up to 128 bytes - prepare two blocks
	// If we got here after the main loop - there are 512 encrypted bytes waiting to be hashed
	// If we got here before the main loop - there are 448 encrpyred bytes waiting to be hashed
	VMOVDQA ·chacha20Constants<>(SB), AA0
	VMOVDQA state1StoreAVX2, BB0
	VMOVDQA state2StoreAVX2, CC0
	VMOVDQA ctr3StoreAVX2, DD0
	VPADDD  ·avx2IncMask<>(SB), DD0, DD0

	}

	// Test FlagHashed (0x2). A valid flag must include FlagHashed
	if svc.Flags&FlagHashed == 0 {
		return nil, fmt.Errorf("Flags of successfully created IPVS service should enable the flag (%x) since every service is hashed into the service table", FlagHashed)
	}
	// Sub Flags to 0x2
	// 011 -> 001, 010 -> 000
	vs.Flags = ServiceFlags(svc.Flags &^ uint32(FlagHashed))

	if vs.Address == nil {

	r := f.r
	if f.arch == nil {
		return "", 0, nil
	}
	getSymData := func(s goobj.SymRef) []byte {
		if s.PkgIdx != goobj.PkgIdxHashed {
			// We don't need the data for non-hashed symbols, yet.
			panic("not supported")
		}
		i := uint32(s.SymIdx + uint32(r.NSym()+r.NHashed64def()))
		return r.BytesAt(r.DataOff(i), r.DataSize(i))
	}

	out := make([]byte, finishedVerifyLength)
	h.prf(out, masterSecret, serverFinishedLabel, h.Sum())
	return out
}

// hashForClientCertificate returns the handshake messages so far, pre-hashed if
// necessary, suitable for signing by a TLS client certificate.
func (h finishedHash) hashForClientCertificate(sigType uint8, hashAlg crypto.Hash) []byte {