o Security fixes: - When using the debuging BridgePassword field, a bridge authority now compares alleged passwords by hashing them, then comparing the result to a digest of the expected authenticator. This avoids a potential side-channel attack in the previous code, which had foolishly used strcmp(). Fortunately, the BridgePassword field *is not in use*, but if it had been, the timing behavior of strcmp() might have allowed an adversary to guess the BridgePassword value, and enumerate the bridges. Bugfix on 0.2.0.14-alpha. Fixes bug 5543.