| ||
W3C HTML Hidden Field specification: www.w3.org/TR/REC-html32#fields
Practical Cryptography by Niels Ferguson and Bruce Schneier (Wiley, 2003), 6.3 Weaknesses of Hash Functions
PEAR HMAC: http://pear.php.net/package/Crypt_HMAC
Hold Your Sessions: An Attack on Java Session-Id Generation by Zvi Gutterman and Dahlia Malkhi: http://research.microsoft.com/~dalia/pubs/GM05.pdf