2 files changed, 3 insertions, 4 deletions

diff --git a/Csrf/CsrfTokenManager.php b/Csrf/CsrfTokenManager.php
index e129502..cdda543 100644
--- a/Csrf/CsrfTokenManager.php
+++ b/Csrf/CsrfTokenManager.php
@@ -11,7 +11,6 @@
 
 namespace Symfony\Component\Security\Csrf;
 
-use Symfony\Component\Security\Core\Util\StringUtils;
 use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
 use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
 use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage;
@@ -92,6 +91,6 @@ class CsrfTokenManager implements CsrfTokenManagerInterface
             return false;
         }
 
-        return StringUtils::equals($this->storage->getToken($token->getId()), $token->getValue());
+        return hash_equals($this->storage->getToken($token->getId()), $token->getValue());
     }
 }
diff --git a/Csrf/composer.json b/Csrf/composer.json
index 2afebf9..c8e2fae 100644
--- a/Csrf/composer.json
+++ b/Csrf/composer.json
@@ -17,8 +17,8 @@
     ],
     "require": {
         "php": ">=5.3.9",
-        "symfony/security-core": "~2.4|~3.0.0",
-        "paragonie/random_compat": "~1.0"
+        "symfony/polyfill-php56": "~1.0",
+        "symfony/security-core": "~2.4|~3.0.0"
     },
     "require-dev": {
         "symfony/http-foundation": "~2.1|~3.0.0"