+ * Fix a XSS reported in
+ https://trac.torproject.org/projects/tor/ticket/14037
+ * Fix horrible use of crypto primitives.
+ * Add HMAC authentication to authtoken.
+ * Verify that the uid passed as a get parameters matches the
+ one stored in authtoken.