#### A "professional" attack { #a-professional-attack }

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

# special script :: absolute mode: $(2014/07/10), relative mode: addDay(3).addMonth(4)
# The milliseconds for (relative or absolute) adjust time (set only when test) @LongType *dynamic in development
time.adjust.time.millis = 0

# ----------------------------------------------------------
#                                                      Mail
#                                                     ------

    /** The key of the configuration. e.g. false */
    String FRAMEWORK_DEBUG = "framework.debug";

    /** The key of the configuration. e.g. 0 */
    String TIME_ADJUST_TIME_MILLIS = "time.adjust.time.millis";

    /** The key of the configuration. e.g. true */
    String MAIL_SEND_MOCK = "mail.send.mock";

    /** The key of the configuration. e.g. localhost:25 */

# special script :: absolute mode: $(2014/07/10), relative mode: addDay(3).addMonth(4)
# The milliseconds for (relative or absolute) adjust time (set only when test) @LongType *dynamic in development
time.adjust.time.millis = 0

# ----------------------------------------------------------
#                                                      Mail
#                                                     ------

# special script :: absolute mode: $(2014/07/10), relative mode: addDay(3).addMonth(4)
# The milliseconds for (relative or absolute) adjust time (set only when test) @LongType *dynamic in development
time.adjust.time.millis = 0

# ----------------------------------------------------------
#                                                      Mail
#                                                     ------

    ConsoleHandler().apply {
      level = Level.FINE
      formatter =
        object : SimpleFormatter() {
          override fun format(record: LogRecord) = String.format("[%1\$tF %1\$tT] %2\$s %n", record.millis, record.message)
        }
    }

  fun enable(
    loggerClass: String,
    handler: Handler = logHandler(),
  ): Closeable {
    val logger = Logger.getLogger(loggerClass)

      .toFormatter()

  private val offset = ZoneOffset.systemDefault()

  override fun format(record: LogRecord): String {
    val message = formatMessage(record)

    val time = Instant.ofEpochMilli(record.millis).atZone(offset)

    return if (record.thrown != null) {
      val sw = StringWriter(4096)
      val pw = PrintWriter(sw)
      record.thrown.printStackTrace(pw)

	if int(result.AutoUnixMilliCreateTime) != int(result.AutoUnixMilliUpdateTime) || result.AutoUnixMilliCreateTime == 0 || int(result.AutoUnixMilliCreateTime)/int(result.AutoUnixCreateTime) < 1e3 {
		t.Fatalf("invalid create/update unix milli time: %#v", result)
	}

	if int(result.AutoUnixNanoCreateTime) != int(result.AutoUnixNanoUpdateTime) || result.AutoUnixNanoCreateTime == 0 || int(result.AutoUnixNanoCreateTime)/int(result.AutoUnixCreateTime) < 1e6 {

#### Ein „professioneller“ Angriff { #a-professional-attack }

Natürlich würden die Angreifer das alles nicht von Hand versuchen, sondern ein Programm dafür schreiben, möglicherweise mit Tausenden oder Millionen Tests pro Sekunde. Und würden jeweils nur einen zusätzlichen richtigen Buchstaben erhalten.

          "interval": "1m",
          "intervalFactor": 2,
          "legendFormat": "{{server,endpoint}}",
          "refId": "A"
        }
      ],
      "title": "Avg. Link Latency (millis)",
      "type": "timeseries"
    },
    {
      "datasource": {
        "type": "prometheus",
        "uid": "${DS_PROMETHEUS}"
      },
      "fieldConfig": {
        "defaults": {