Write and use constant-time comparison functions
We should have constant-time comparison functions available in Tor, and use them whenever we compare cryptographic values or passwords.
We probably don't need to do all of our comparisons of digests in constant time, but once we have constant-time comparison functions around, it will be easier to use them than to convince ourselves that we don't need to in any particular spot.