// Flags (2 bytes) - should be 0 by default
        assertEquals(0, SMBUtil.readInt2(buffer, 2));

        // Reserved (4 bytes) - The implementation skips writing these bytes,
        // so they will have the initial pattern (0xCCCCCCCC)
        // This is expected behavior as seen in the implementation at line 131
        assertEquals((byte) 0xCC, buffer[4]);
        assertEquals((byte) 0xCC, buffer[5]);

 * header, or they may decline the challenge by returning null. In this case the unauthenticated
 * response will be returned to the caller that triggered it.
 *
 * Implementations should check if the initial request already included an attempt to
 * authenticate. If so it is likely that further attempts will not be useful and the authenticator
 * should give up.
 *

  private static final int DEFAULT_VALUES_PER_KEY = 2;

  @VisibleForTesting transient int expectedValuesPerKey = DEFAULT_VALUES_PER_KEY;

  /**
   * Creates a new, empty {@code HashMultimap} with the default initial capacities.
   *
   * <p>You may also consider the equivalent {@code
   * MultimapBuilder.hashKeys().hashSetValues().build()}, which provides more control over the
   * underlying data structure.
   */

<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%><!DOCTYPE html>
${fe:html(true)}
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="referrer" content="no-referrer">
<title>${f:h(displayQuery)}-<la:message
		key="labels.search_title" /></title>
<c:if test="${osddLink}">

<%@page pageEncoding="UTF-8" contentType="text/html; charset=UTF-8"%><!DOCTYPE html>
${fe:html(true)}
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="referrer" content="no-referrer">
<title>${f:h(displayQuery)}-<la:message
		key="labels.search_title" /></title>
<c:if test="${osddLink}">

func (m *muxClient) RequestStateless(h HandlerID, req []byte, out chan<- Response) {
	if m.init {
		out <- Response{Err: errors.New("mux client already used")}
	}
	m.init = true

	// Try to grab an initial block.
	m.singleResp = false
	msg := message{
		Op:         OpConnectMux,
		Handler:    h,
		Flags:      FlagEOF,
		Payload:    req,
		DeadlineMS: uint32(m.deadline.Milliseconds()),
	}

  /** Version of plus for use in retryUpdate */
  @Override
  final long fn(long v, long x) {
    return v + x;
  }

  /** Creates a new adder with initial sum of zero. */
  public LongAdder() {}

  /**
   * Adds the given value.
   *
   * @param x the value to add
   */
  @Override
  public void add(long x) {
    Cell[] as;
    long b, v;

    tester.testFailedFuture("failure");
  }

  public void testCancel() throws Exception {
    assertTrue(future.cancel(true));
    tester.testCancelledFuture();
  }

  /** Tests the initial state of the future. */
  public void testCreate() throws Exception {
    SettableFuture<Integer> future = SettableFuture.create();
    assertFalse(future.isDone());
    assertFalse(future.isCancelled());
  }

     */
    public GroupPager() {
        // Default constructor
    }

    /**
     * Clears all pagination data and search criteria, resetting the pager to its initial state.
     * This method resets record counts, pagination flags, and search parameters to their default values.
     */
    public void clear() {
        allRecordCount = 0;
        allPageCount = 0;

At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

And then they can try again knowing that it's probably something more similar to `stanleyjobsox` than to `johndoe`.

#### A "professional" attack { #a-professional-attack }