Pero haciendo eso, en algunos minutos u horas, los atacantes habrían adivinado el nombre de usuario y la contraseña correctos, con la "ayuda" de nuestra aplicación, solo usando el tiempo tomado para responder.

	}
	if len(l.lockUID) != len(rResources)+len(wResources) {
		t.Fatalf("lockUID len, got %d, want %d + %d", len(l.lockUID), len(rResources), len(wResources))
	}

	// Expire a minute ago.
	l.expireOldLocks(-time.Minute)
	if len(l.lockMap) != 0 {
		t.Fatalf("after cleanup should be empty, got %d", len(l.lockMap))
	}
	if len(l.lockUID) != 0 {
		t.Fatalf("lockUID len, got %d, want %d", len(l.lockUID), 0)
	}
}

      require(hour in 0..23)
      require(minute in 0..59)
      require(second in 0..59)

      GregorianCalendar(UTC).apply {
        isLenient = false
        set(Calendar.YEAR, year)
        set(Calendar.MONTH, month - 1)
        set(Calendar.DAY_OF_MONTH, dayOfMonth)
        set(Calendar.HOUR_OF_DAY, hour)
        set(Calendar.MINUTE, minute)
        set(Calendar.SECOND, second)

		"Total number of bytes failed at least once to replicate in the last full minute on a bucket",
		bucketL, targetArnL)
	bucketReplLastMinFailedCountMD = NewGaugeMD(bucketReplLastMinFailedCount,
		"Total number of objects which failed replication in the last full minute on a bucket",
		bucketL, targetArnL)
	bucketReplLatencyMsMD = NewGaugeMD(bucketReplLatencyMs,

    /**
     * Timeout in milliseconds for witness heartbeat messages
     */
    protected long witnessHeartbeatTimeout = 120000; // 2 minutes
    /**
     * Timeout in milliseconds for witness registration
     */
    protected long witnessRegistrationTimeout = 300000; // 5 minutes
    /**
     * Delay in milliseconds before attempting witness reconnection
     */
    protected long witnessReconnectDelay = 1000; // 1 second

    Cache<Integer, Integer> cache =
        CacheBuilder.newBuilder()
            .expireAfterAccess(1, MINUTES)
            .removalListener(listener)
            .ticker(ticker)
            .build();
    cache.put(1, 1);
    ticker.advance(10, MINUTES);
    cache.invalidateAll();

    assertThat(listener.poll().getCause()).isEqualTo(RemovalCause.EXPIRED);
  }

     * Maximum raw buffer size for raw read/write operations.
     */
    public int maxRawSize;
    /**
     * Server's system time.
     */
    public long serverTime;
    /**
     * Server's time zone offset in minutes from UTC.
     */
    public int serverTimeZone;
    /**
     * Length of the encryption key.
     */
    public int encryptionKeyLength;
    /**
     * Encryption key for password encryption.
     */

# updated.
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  mint-test:
    runs-on: mint
    timeout-minutes: 120
    steps:
      - name: cleanup #https://github.com/actions/checkout/issues/273
        run: |
          sudo -S rm -rf ${GITHUB_WORKSPACE}
          mkdir ${GITHUB_WORKSPACE}
      - name: checkout-step

	}()

	go func() {
		if globalEnableSyncBoot {
			defer bootstrapTrace("unfreezeServices", unfreezeServices)
			t := time.AfterFunc(5*time.Minute, func() {
				warnings = append(warnings,
					color.YellowBold("- Initializing the config subsystem is taking longer than 5 minutes. Please remove 'MINIO_SYNC_BOOT=on' to not freeze the APIs"))
			})
			defer t.Stop()
		}

		// Initialize data scanner.

Claro, os invasores não tentariam tudo isso de forma manual, eles escreveriam um programa para fazer isso, possivelmente com milhares ou milhões de testes por segundo. E obteriam apenas uma letra a mais por vez.

Mas fazendo isso, em alguns minutos ou horas os invasores teriam adivinhado o usuário e senha corretos, com a "ajuda" da nossa aplicação, apenas usando o tempo levado para responder.

#### Corrija com o `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }