* (bug 61346) SECURITY: Make token comparison use
constant time. It seems
like
our token comparison would be vulnerable to timing attacks. This will
take
constant time.
Not to be a grammar nazi, but that should presumably be something
along the lines of "Using constant time comparison will prevent this"
instead of "This will take constant time", as that could be
interpreted as the attack would take constant time.
--bawolff