Bu, username geçerli olsun ya da olmasın endpoint'in yaklaşık aynı sürede yanıt vermesini sağlar; böylece mevcut username'leri saymaya yarayabilecek zamanlama saldırılarını (timing attacks) engeller.

/// note | Not

 * including retry logic and fallback mechanisms.
 */
public class RdmaErrorHandler {

    private static final Logger log = LoggerFactory.getLogger(RdmaErrorHandler.class);

    // Retry and timing constants (in ms)
    private static final long MAX_RETRY_DELAY = 10000; // 10 seconds maximum delay
    private static final int MAX_BACKOFF_SHIFT = 4; // Maximum 16x multiplier

    private final RdmaStatistics statistics;

    private final AtomicLong connectionsActive = new AtomicLong();
    private final AtomicLong memoryRegionsAllocated = new AtomicLong();
    private final AtomicLong memoryRegionsActive = new AtomicLong();

    // Timing statistics (in nanoseconds)
    private final AtomicLong totalReadTime = new AtomicLong();
    private final AtomicLong totalWriteTime = new AtomicLong();
    private final AtomicLong totalSendTime = new AtomicLong();

   * were obtained by calling {@code snapshot()} on the same {@link PairedStatsAccumulator} without
   * adding any values in between the two calls, or if one is obtained from the other after
   * round-tripping through java serialization. However, floating point rounding errors mean that it
   * may be false for some instances where the statistics are mathematically equal, including

	})
}

func (f *sftpDriver) AccessKey() string {
	return f.permissions.CriticalOptions["AccessKey"]
}

func (f *sftpDriver) Fileread(r *sftp.Request) (ra io.ReaderAt, err error) {
	// This is not timing the actual read operation, but the time it takes to prepare the reader.
	stopFn := globalSftpMetrics.log(r, f.AccessKey())
	defer stopFn(0, err)

	flags := r.Pflags()
	if !flags.Read {
		// sanity check

        // Mock address for testing
        Address mockAddress = Mockito.mock(Address.class);
        Mockito.when(mockAddress.getHostAddress()).thenReturn("127.0.0.1");

        // Start timing
        long overallStart = System.nanoTime();

        for (int t = 0; t < threadCount; t++) {
            executor.submit(() -> {
                try {
                    startLatch.await();

```Python
if not (credentials.username == "stanleyjobson") or not (credentials.password == "swordfish"):
    # 何らかのエラーを返す
    ...
```

しかし `secrets.compare_digest()` を使うことで、「タイミング攻撃」と呼ばれる種類の攻撃に対して安全になります。

### タイミング攻撃 { #timing-attacks }

「タイミング攻撃」とは何でしょうか？

攻撃者がユーザー名とパスワードを推測しようとしていると想像してください。

そして、ユーザー名 `johndoe`、パスワード `love123` を使ってリクエストを送ります。

その場合、アプリケーション内の Python コードは次のようなものと等価になります:

```Python

Isso garante que o endpoint leve aproximadamente o mesmo tempo para responder, seja o nome de usuário válido ou não, prevenindo **timing attacks** que poderiam ser usados para enumerar nomes de usuário existentes.

/// note | Nota

            thread.join();
        }

        // Due to synchronized method, only one thread should reload
        // The count might be 2 (one initial + one reload) or slightly higher due to timing
        assertTrue(loadCount[0] <= 3, "Load count should be small due to synchronization");
    }

   * representation to this hash code.
   *
   * <p><b>Security note:</b> this method uses a constant-time (not short-circuiting) implementation
   * to protect against <a href="http://en.wikipedia.org/wiki/Timing_attack">timing attacks</a>.
   */
  @Override
  public final boolean equals(@Nullable Object object) {
    if (object instanceof HashCode) {
      HashCode that = (HashCode) object;