System.arraycopy(clientChallenge, 0, sessionNonce, 8, 8);

                final MessageDigest md4 = Crypto.getMD4();
                md4.update(passwordHash);
                final byte[] userSessionKey = md4.digest();

                final MessageDigest hmac = Crypto.getHMACT64(userSessionKey);
                hmac.update(sessionNonce);
                final byte[] ntlm2SessionKey = hmac.digest();

	"maps"
	"sync"

	"github.com/minio/minio-go/v7"
	"github.com/minio/minio-go/v7/pkg/tags"
	"github.com/minio/minio/internal/crypto"
	"github.com/minio/minio/internal/hash"
	xhttp "github.com/minio/minio/internal/http"
	"github.com/minio/minio/internal/kms"
)

type fanOutOptions struct {
	Kind     crypto.Type
	KeyID    string
	Key      []byte
	KmsCtx   kms.Context
	Checksum *hash.Checksum
	MD5Hex   string
}

     * Parse Kerberos authorization data based on the authorization type.
     *
     * @param authType the type of authorization data
     * @param token the authorization data token
     * @param keys the Kerberos keys for decryption
     * @return a list of parsed authorization data
     * @throws PACDecodingException if the data cannot be decoded
     */

pkg bufio, method (ReadWriter) AvailableBuffer() []uint8
pkg bytes, func Cut([]uint8, []uint8) ([]uint8, []uint8, bool)
pkg bytes, func Title //deprecated
pkg crypto/tls, method (*Conn) NetConn() net.Conn
pkg crypto/tls, type Config struct, PreferServerCipherSuites //deprecated
pkg crypto/x509, method (*CertPool) Subjects //deprecated
pkg debug/buildinfo, func Read(io.ReaderAt) (*debug.BuildInfo, error)

pkg compress/gzip, method (*Reader) Reset(io.Reader) error
pkg crypto/tls, const CurveP256 = 23
pkg crypto/tls, const CurveP256 CurveID
pkg crypto/tls, const CurveP384 = 24
pkg crypto/tls, const CurveP384 CurveID
pkg crypto/tls, const CurveP521 = 25
pkg crypto/tls, const CurveP521 CurveID
pkg crypto/tls, func DialWithDialer(*net.Dialer, string, string, *Config) (*Conn, error)
pkg crypto/tls, func NewLRUClientSessionCache(int) ClientSessionCache

          message == "adding as trusted certificates" -> Type.Setup
          message == "Raw read" || message == "Raw write" -> Type.Encrypted
          message == "Plaintext before ENCRYPTION" || message == "Plaintext after DECRYPTION" -> Type.Plaintext
          message.startsWith("System property ") -> Type.Setup
          message.startsWith("Reload ") -> Type.Setup
          message == "No session to resume." -> Type.Handshake

golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=

	github.com/mattn/go-isatty v0.0.20 // indirect
	github.com/minio/pkg/v3 v3.0.28 // indirect
	github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c // indirect
	golang.org/x/crypto v0.35.0 // indirect
	golang.org/x/sys v0.30.0 // indirect

	// on the backend.
	kind, _ := crypto.IsEncrypted(fi.Metadata)

	var objectEncryptionKey []byte
	switch kind {
	case crypto.SSEC:
		if checksumType.IsSet() {
			if opts.EncryptFn == nil {
				return oi, crypto.ErrMissingCustomerKey
			}
			baseKey := opts.EncryptFn("", nil)
			if len(baseKey) != 32 {
				return oi, crypto.ErrInvalidCustomerKey
			}

pkg compress/lzw, method (*Writer) Write([]uint8) (int, error)
pkg compress/lzw, type Reader struct
pkg compress/lzw, type Writer struct
pkg crypto/tls, method (*CertificateRequestInfo) Context() context.Context
pkg crypto/tls, method (*ClientHelloInfo) Context() context.Context
pkg crypto/tls, method (*Conn) HandshakeContext(context.Context) error
pkg database/sql, method (*NullByte) Scan(interface{}) error