diff --git a/js/crypto.js b/js/crypto.js
index 0034f407..28715f64 100644
--- a/js/crypto.js
+++ b/js/crypto.js
@@ -352,18 +352,14 @@ window.textsecure.crypto = function() {
 var verifyMACWithVersionByte = function(data, key, mac, version) {
 return calculateMACWithVersionByte(data, key, version).then(function(calculated_mac) {
- var macString = getString(mac);//TODO: Move away from strings for comparison?
-
- if (getString(calculated_mac).substring(0, macString.length) != macString)
+ if (!isEqual(calculated_mac, mac, mac.byteLength))
 throw new Error("Bad MAC");
 });
 }
 var verifyMAC = function(data, key, mac) {
 return HmacSHA256(key, data).then(function(calculated_mac) {
- var macString = getString(mac);//TODO: Move away from strings for comparison?
-
- if (getString(calculated_mac).substring(0, macString.length) != macString)
+ if (!isEqual(calculated_mac, mac, mac.byteLength))
 throw new Error("Bad MAC");
 });
 }
diff --git a/js/helpers.js b/js/helpers.js
index 9333cdcf..276f6d84 100644
--- a/js/helpers.js
+++ b/js/helpers.js
@@ -99,6 +99,7 @@ window.textsecure = window.textsecure || {};
 *********************************/
 // Strings/arrays
 //TODO: Throw all this shit in favor of consistent types
+//TODO: Namespace
 var StaticByteBufferProto = new dcodeIO.ByteBuffer().__proto__;
 var StaticArrayBufferProto = new ArrayBuffer().__proto__;
 var StaticUint8ArrayProto = new Uint8Array().__proto__;
@@ -126,6 +127,15 @@ function getStringable(thing) {
 thing.__proto__ == StaticWordArrayProto)));
 }
+function isEqual(a, b, maxLegnth) {
+ // TODO: Special-case arraybuffers, etc
+ a = getString(a);
+ b = getString(b);
+ if (maxLength === undefined)
+ maxLength = Math.max(a.length, b.length);
+ return a.substring(0, Math.min(maxLength, a.length)) == b.substring(0, Math.min(maxLength, b.length));
+}
+
 function toArrayBuffer(thing) {
 //TODO: Optimize this for specific cases
 if (thing === undefined)
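Review bot: Both `verifyMAC` and `verifyMACWithVersionByte` still take the comparison length from the received value (`mac.byteLength`), so a `mac` shorter than the protocol expects is checked only on that prefix, and with the `isEqual` added in this commit a zero-length `mac` compares equal. If callers outside this hunk do not already enforce the MAC size, reject a wrong length before comparing, e.g. `if (mac.byteLength !== EXPECTED_MAC_LENGTH) throw new Error("Bad MAC");`, where `EXPECTED_MAC_LENGTH` is a placeholder for the protocol's truncated MAC size. `byteLength` is also undefined when `mac` is not an ArrayBuffer or typed array, which silently switches `isEqual` to a full-length comparison; a comment such as `// mac must be an ArrayBuffer of the expected MAC length` on both functions would document that assumption.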
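Review bot: The parameter of `isEqual` is spelled `maxLegnth` while the body reads and assigns `maxLength`, so the length passed by the two MAC verifiers is never used and, unless a global of that name happens to exist, the first read throws a ReferenceError; the signature should be `function isEqual(a, b, maxLength) {`. Separately, the final `==` on two strings may return at the first differing character, a timing difference that a MAC check should not expose. The fence below compares the truncated strings by accumulating differences over their whole length; a JavaScript engine gives no hard constant-time guarantee, so treat it as a mitigation. The function lies entirely inside this hunk.

```javascript
function isEqual(a, b, maxLength) {
    // … unchanged: getString() conversion and maxLength default …
    a = a.substring(0, Math.min(maxLength, a.length));
    b = b.substring(0, Math.min(maxLength, b.length));
    if (a.length !== b.length)
        return false;
    var diff = 0;
    for (var i = 0; i < a.length; ++i)
        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
    return diff === 0;
}
```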