Comment 1 for bug 1071067

The attached patch is for Zope 2.12 for the browser id manager and auth encoding usage of random. For good measure I also put in a constant time comparison function. The code is basically a copy of django.utils.crypto.

Locally I've already prepared the code for all the other branches and the standalone AccessControl library. Unless someone wants me to hold back those fixes, I'll release them tomorrow on Tuesday Oct 30 in new releases of all the projects.