*
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */
public class SecureCredentialStorage implements AutoCloseable, Destroyable {

    private static final Logger log = LoggerFactory.getLogger(SecureCredentialStorage.class);

 */
public class DirectoryChangeNotifier {

    private static final Logger log = LoggerFactory.getLogger(DirectoryChangeNotifier.class);

    // Backoff and timing constants (in ms)
    private static final long BASE_POLL_INTERVAL = 1000;
    private static final long MAX_POLL_INTERVAL = 30000;
    private static final long BASE_RETRY_DELAY = 1000;

          try {
            if (timer != null) {
              long overDelayMs = Math.abs(timer.getDelay(MILLISECONDS));
              if (overDelayMs > 10) { // Not all timing drift is worth reporting
                message += " (timeout delayed by " + overDelayMs + " ms after scheduled time)";
              }
            }
            message += ": " + delegate;
          } finally {

    private static final SecurityAuditLogger auditLogger = SecurityAuditLogger.getInstance();

    /**
     * Performs constant-time comparison of two char arrays to prevent timing attacks.
     * This method always compares the full length of both arrays, regardless of when
     * differences are found, making the execution time independent of the position
     * of differing characters.
     *

 * including retry logic and fallback mechanisms.
 */
public class RdmaErrorHandler {

    private static final Logger log = LoggerFactory.getLogger(RdmaErrorHandler.class);

    // Retry and timing constants (in ms)
    private static final long MAX_RETRY_DELAY = 10000; // 10 seconds maximum delay
    private static final int MAX_BACKOFF_SHIFT = 4; // Maximum 16x multiplier

    private final RdmaStatistics statistics;

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 何らかのエラーを返す
    ...
```

しかし `secrets.compare_digest()` を使うことで、「タイミング攻撃」と呼ばれる種類の攻撃に対して安全になります。

### タイミング攻撃 { #timing-attacks }

「タイミング攻撃」とは何でしょうか？

攻撃者がユーザー名とパスワードを推測しようとしていると想像してください。

そして、ユーザー名 `johndoe`、パスワード `love123` を使ってリクエストを送ります。

その場合、アプリケーション内の Python コードは次のようなものと等価になります:

```Python

	})
}

func (f *sftpDriver) AccessKey() string {
	return f.permissions.CriticalOptions["AccessKey"]
}

func (f *sftpDriver) Fileread(r *sftp.Request) (ra io.ReaderAt, err error) {
	// This is not timing the actual read operation, but the time it takes to prepare the reader.
	stopFn := globalSftpMetrics.log(r, f.AccessKey())
	defer stopFn(0, err)

	flags := r.Pflags()
	if !flags.Read {
		// sanity check

    private final AtomicLong connectionsActive = new AtomicLong();
    private final AtomicLong memoryRegionsAllocated = new AtomicLong();
    private final AtomicLong memoryRegionsActive = new AtomicLong();

    // Timing statistics (in nanoseconds)
    private final AtomicLong totalReadTime = new AtomicLong();
    private final AtomicLong totalWriteTime = new AtomicLong();
    private final AtomicLong totalSendTime = new AtomicLong();

     */
    public void resetStatistics() {
        for (AtomicLong counter : eventCounters.values()) {
            counter.set(0);
        }
        for (AtomicLong timing : eventTimings.values()) {
            timing.set(0);
        }
    }

    /**
     * Enable or disable JSON logging
     *
     * @param enable true to enable JSON logging
     */

            thread.join();
        }

        // Due to synchronized method, only one thread should reload
        // The count might be 2 (one initial + one reload) or slightly higher due to timing
        assertTrue(loadCount[0] <= 3, "Load count should be small due to synchronization");
    }