diff --git a/core/includes/common.inc b/core/includes/common.inc
index 540f42b..6076920 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -4856,6 +4856,14 @@ function drupal_get_private_key() {
  *
  * @param $value
  *   An additional value to base the token on.
+ *
+ * @return string
+ *   A fixed width 43-character token.
+ *   This string will always be the same for a given $value on the same site.
+ *
+ *   Reason for fixed length return value: SHA-256 returns always 256 bits
+ *   (32 bytes). Base64 encoding gives a length of 44 bytes including '='
+ *   as padding character wich will get removed by drupal_hmac_base64().
  */
 function drupal_get_token($value = '') {
   return drupal_hmac_base64($value, session_id() . drupal_get_private_key() . drupal_get_hash_salt());