At that point, by noticing that the server took some microseconds longer to send the "Incorrect username or password" response, the attackers will know that they got _something_ right, some of the initial letters were right.

And then they can try again knowing that it's probably something more similar to `stanleyjobsox` than to `johndoe`.

#### A "professional" attack { #a-professional-attack }

        return sval;
    }

    /**
     * Advances to the next token.
     *
     * @return The type of the token.
     */
    public int nextToken() {
        initVal();
        if (processEOF()) {
            return ttype;
        }
        if (processWhitespace()) {
            return ttype;
        }
        if (processWord()) {
            return ttype;

     */
    public GroupPager() {
        // Default constructor
    }

    /**
     * Clears all pagination data and search criteria, resetting the pager to its initial state.
     * This method resets record counts, pagination flags, and search parameters to their default values.
     */
    public void clear() {
        allRecordCount = 0;
        allPageCount = 0;

    tester.testFailedFuture("failure");
  }

  public void testCancel() throws Exception {
    assertTrue(future.cancel(true));
    tester.testCancelledFuture();
  }

  /** Tests the initial state of the future. */
  public void testCreate() throws Exception {
    SettableFuture<Integer> future = SettableFuture.create();
    assertFalse(future.isDone());
    assertFalse(future.isCancelled());
  }

 * header, or they may decline the challenge by returning null. In this case the unauthenticated
 * response will be returned to the caller that triggered it.
 *
 * Implementations should check if the initial request already included an attempt to
 * authenticate. If so it is likely that further attempts will not be useful and the authenticator
 * should give up.
 *

        assertEquals(1024, buffer2.length, "Buffer should have expected size");
        assertNotSame(buffer1, buffer2, "Different calls should return different buffers initially");
    }

    @Test
    @DisplayName("releaseBuffer and getBuffer should implement buffer reuse")
    void testBufferReuse() {
        // Given
        byte[] originalBuffer = testCache.getBuffer();

Pruning the entire Cache to clear space temporarily can be done using evictAll.

```kotlin
cache.evictAll()
```

Removing individual items can be done using the urls iterator.
This would be typical after a user initiates a force refresh by a pull to refresh type action.

```java
    val urlIterator = cache.urls()
    while (urlIterator.hasNext()) {
      if (urlIterator.next().startsWith("https://www.google.com/")) {

        futures.isEmpty()
            ? Collections.<@Nullable Present<V>>emptyList()
            : Lists.<@Nullable Present<V>>newArrayListWithCapacity(futures.size());

    // Populate the results list with null initially.
    for (int i = 0; i < futures.size(); ++i) {
      values.add(null);
    }

    this.values = values;
  }

  @Override
  final void collectOneValue(int index, @ParametricNullness V returnValue) {

     */
    public final int getCommonCapabilities() {
        return this.commonCapabilities;
    }

    /**
     * Gets the initial security blob for authentication negotiation.
     *
     * @return initial security blob
     */
    public byte[] getSecurityBlob() {
        return this.securityBuffer;
    }

    /**

     * but an implemantation that encorporates the transport header(for
     * efficiency) might use a different initial bufferIndex. For example,
     * to eliminate copying data when writing NbtSession data one might
     * manage that 4 byte header specifically and therefore the initial
     * bufferIndex, and thus headerStart, would be 4).(NOTE: If one where