On Thu, 2019-12-19 at 00:33 +0500, Alexander E. Patrakov wrote:
My B-tree uses minimum unique key with leading duplicates not stored
for all but the leaf nodes - so it would also (eventually - there is so
much noise in the timing measurement) give away the key via timing
attacks.
I had not thought of that angle, and I hope I remember this the next
time I am reinventing session ids. Now I'm also wondering about other
libraries that manage session ids. Java servlets in Apache Tomcat?