We found blockciphers and cookies to be the perfect solution for our
session management needs. The only problem we heard about was some
kind of "oraculum", so we decided to pad our messages with NUL bytes
and now
the system is 100% safe.
Update (2019-01-02): fixed a typo in the flag
