---> 100%
```

</div>

/// info

Si vous prévoyez d'utiliser des algorithmes de signature numérique comme RSA ou ECDSA, vous devez installer la dépendance de bibliothèque de cryptographie `pyjwt[crypto]`.

Vous pouvez en lire davantage dans la [documentation d'installation de PyJWT](https://pyjwt.readthedocs.io/en/latest/installation.html).

///

## Hachage de mot de passe { #password-hashing }

import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

import javax.crypto.SecretKey;

import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/**
 * Test class for SecureKeyManager
 */
public class SecureKeyManagerTest {

        if (attempts == 0) return 0.0;
        return (double) reconnectSuccesses.get() / attempts;
    }
}
```

## 12. Security Considerations

### 12.1 Handle State Encryption
```java
public class SecureHandleStorage {
    private final SecretKey encryptionKey;
    
    public void saveEncrypted(HandleInfo handle, Path file) throws Exception {

  - The `--experimental-encryption-provider-config` flag is deprecated in favor of `--encryption-provider-config`. The old flag is accepted with a warning but will be removed in 1.14. ([#71206](https://github.com/kubernetes/kubernetes/pull/71206), [@stlaz](https://github.com/stlaz))

- The API server now re-uses data encryption keys while the kms v2 plugin's key ID is stable.  Data encryption keys are still randomly generated on server start but an atomic counter is used to prevent nonce collisions. ([#116155](https://github.com/kubernetes/kubernetes/pull/116155), [@enj](https://github.com/enj)) [SIG API Machinery, Auth and Testing]

```console
$ pip install pyjwt

---> 100%
```

</div>

/// info | Інформація

Якщо ви плануєте використовувати алгоритми цифрового підпису на кшталт RSA або ECDSA, слід встановити залежність криптобібліотеки `pyjwt[crypto]`.

Докладніше про це можна прочитати у [документації з встановлення PyJWT](https://pyjwt.readthedocs.io/en/latest/installation.html).

///

## Хешування паролів { #password-hashing }

        }
        if ((server.capabilities & CAP_EXTENDED_SECURITY) != CAP_EXTENDED_SECURITY && server.encryptionKeyLength != 8
                && LM_COMPATIBILITY == 0) {
            throw new SmbException("Unexpected encryption key length: " + server.encryptionKeyLength);
        }

        /* Adjust negotiated values */

        tconHostName = address.getHostName();

## Security - HTTPS { #security-https }

In the [previous chapter about HTTPS](https.md) we learned about how HTTPS provides encryption for your API.

We also saw that HTTPS is normally provided by a component **external** to your application server, a **TLS Termination Proxy**.

        }
    }
    
    public void validateRemoteAccess(long remoteAddress, int length, int remoteKey) {
        // Validate that remote memory access is authorized
        // This would integrate with SMB3 encryption/signing
        if (!isAuthorizedAccess(remoteAddress, length, remoteKey)) {
            throw new SecurityException("Unauthorized RDMA remote access");
        }
    }
    

- KMS: added validation for duplicate kms config name when auto reload is enabled. If you enabled automatic reload of encryption configuration with API server flag `--encryption-provider-config-automatic-reload`, ensure all the KMS provider names (v1 and v2) in the encryption configuration are unique. ([#113697](https://github.com/kubernetes/kubernetes/pull/113697), [@aramase](https://github.com/aramase))