}
        }, CrawlingInfoService.class.getCanonicalName());

        crawlingInfoHelper.updateParams(sessionId, "Test Crawl", 5);

        // Verify documentExpires is set (don't check exact timing due to test environment timing issues)
        assertTrue("documentExpires should be set", crawlingInfoHelper.documentExpires > 0);
    }

    @Test
    public void test_updateParams_defaultName() {

     */
    public void resetStatistics() {
        for (AtomicLong counter : eventCounters.values()) {
            counter.set(0);
        }
        for (AtomicLong timing : eventTimings.values()) {
            timing.set(0);
        }
    }

    /**
     * Enable or disable JSON logging
     *
     * @param enable true to enable JSON logging
     */

            final byte[] cmp = new byte[SIGNATURE_LENGTH];
            System.arraycopy(mac.doFinal(), 0, cmp, 0, SIGNATURE_LENGTH);

            // Use constant-time comparison to prevent timing attacks
            if (!MessageDigest.isEqual(sig, cmp)) {
                return false; // Signature verification failed
            }
            return true; // Signature verification succeeded
        } finally {

    # Renvoyer une erreur
    ...
```

Mais en utilisant `secrets.compare_digest()`, cela sera sécurisé contre un type d'attaques appelé « attaques par chronométrage ».

### Attaques par chronométrage { #timing-attacks }

Mais qu'est-ce qu'une « attaque par chronométrage » ?

Imaginons que des attaquants essaient de deviner le nom d'utilisateur et le mot de passe.

 *
 * Features:
 * - Encrypts credentials at rest using AES-256-GCM
 * - Uses PBKDF2 for key derivation from master password
 * - Secure wiping of sensitive data
 * - Thread-safe operations
 * - Protection against timing attacks
 */
public class SecureCredentialStorage implements AutoCloseable, Destroyable {

    private static final Logger log = LoggerFactory.getLogger(SecureCredentialStorage.class);

 */
public class DirectoryChangeNotifier {

    private static final Logger log = LoggerFactory.getLogger(DirectoryChangeNotifier.class);

    // Backoff and timing constants (in ms)
    private static final long BASE_POLL_INTERVAL = 1000;
    private static final long MAX_POLL_INTERVAL = 30000;
    private static final long BASE_RETRY_DELAY = 1000;

    private static final SecurityAuditLogger auditLogger = SecurityAuditLogger.getInstance();

    /**
     * Performs constant-time comparison of two char arrays to prevent timing attacks.
     * This method always compares the full length of both arrays, regardless of when
     * differences are found, making the execution time independent of the position
     * of differing characters.
     *

          try {
            if (timer != null) {
              long overDelayMs = Math.abs(timer.getDelay(MILLISECONDS));
              if (overDelayMs > 10) { // Not all timing drift is worth reporting
                message += " (timeout delayed by " + overDelayMs + " ms after scheduled time)";
              }
            }
            message += ": " + delegate;
          } finally {

So stellt man sicher, dass der Endpunkt ungefähr gleich viel Zeit für die Antwort benötigt, unabhängig davon, ob der Benutzername gültig ist oder nicht. Dadurch werden Timing-Angriffe verhindert, mit denen vorhandene Benutzernamen ermittelt werden könnten.

/// note | Hinweis

Esto asegura que el endpoint tarda aproximadamente la misma cantidad de tiempo en responder tanto si el nombre de usuario es válido como si no, previniendo los **timing attacks** que podrían usarse para enumerar nombres de usuario existentes.

/// note | Nota