1  Economy / Gambling / Re: FreeBitco.in - Win free Bitcoins every hour! on: May 29, 2018, 12:43:42 PM
Licensed by whom? A government authority that inspects an RNG once a year? No thanks, I'll stick to provably fair sites where I can verify for myself if they are cheating.

Regarding that, I must point out that if you are not careful enough, you can still be cheated:

First of all, I didn't directly accuse that FreeBitco is manipulating the Rolls because I wouldn't be taken seriously if I did so.
It's better to provide all the information necessary so you can check it by yourselves and even maybe convince FreeBitco to improve their system.


I will explain this in two stages:
First the current (and exploitable) implementation:

1) You Login into FreeBitco and click on the "THIS GAME IS PROVABLY FAIR!"
2) In this screen, the Server *promises* that it will calculate the next roll using your Client Seed + next Nonce + Server Seed. (Server sends you the Hash of that seed so you can check it later, that's perfectly implemented).
3) You save the server seed hash and you hit Roll.
4) The server does all the math. Using the Client Seed, the Nonce, and the secret Server Seed.
5) Then here is where the server MAY say: Oh wait.. I do not like this roll. Let's use the Client Seed, the Nonce, but let's break the promise of which Seed we were going to use.
6) You verify your bet using the bet History (which was saved by the Server). The math here rounds up perfectly and the game seems provably-fair.

There are two problems for you with this implementation regarding how can you verify that you were cheated:
1) You will need to do this for probably thousands of rolls until the server attempts to cheat on you.
2) Once you eventually find a discrepancy, you will be left proof-less and alone. The server promised you it was going to use Hash111 but ended up using Hash222, in the History it stored Hash222 for you to verify/share the bet result.


Now, here is the basic idea on how it should be implemented:

1) Server generates a new secret Seed. Sets the Nonce to 0. And returns you the SHA256 of that Seed.
2) When you roll, you provide your own Client seed to the server.
3) The server calculates the roll using its secret seed + nonce + client seed.
4) Server increases the Nonce by one. And keeps the same server seed for the next roll.
5) If I want to verify my bets (and only if I ask for it). The server reveals its secret seed to me and re-executes step 1 for future rolls.
6) The server should add an entry to the history saying that I manually requested the server to reveal the seed.

This way, the server should be able to calculate all rolls without changing the promised seed unless you ask for the seed. Also, you don't need to save each server seed hash and compare it with the one used in the rolls history.
(It can still cheat you into saying you asked for the Seed for verifying before you actually rolled and thus generating a losing seed)
But at least this way it will be way more visible for you to see if you are being cheated, because you will see that the server changed the seed without you asking to reveal the seed.

It's not perfect. But this way it will be extremely hard for them to conceal the cheating.
To compensate the problem of this proposed approach, an option is that the server provides and resets the server Seed and Nonce every week. This way the server cannot cheat the History by saying that you requested the seed for verifying when you didn't.
You will only be able to verify your bets every week, but it can be optional with a setup with a cooldown.


Sorry for the delayed response. I'll do my best to answer all the details.


Then, regarding solosss madness. I do not agree with how he is expressing himself, but I do consider the possibility of the site taking extreme measures to stop bots. Most of the time these measures come with high collateral damage (as we are seeing for the last 10-20 posts).

IMHO, I prefer to be part of collateral damage from a hammer-ban (and ask for support to restore such account) than the site manipulating rolls or cheating for the sake of stopping bots by cutting profits to everyone (bots and humans).

Every faucet would be at least 10 times bigger than it is today if there weren't bots out there.

2  Economy / Gambling / Re: FreeBitco.in - Win free Bitcoins every hour! on: May 26, 2018, 12:37:12 AM
For some reason, just a couple of minutes ago, my IP address has been banned and I'm getting this: "Sorry, this IP address has been blocked. If you are using a proxy, VPN or anonymization service, please turn it off before claiming free bitcoins." Also, tried to switch to my carrier's internet (dynamic IP), which I use when I'm outside home, and it's banned as well. What's going on? I don't use either a proxy or a VPN/anonymization service. Where can I report this? Also, because of this, I have lost my bonuses.

If you get the "Sorry, this IP address has been blocked." message it means you have triggered our abuse detection systems. They think that the way you use the faucet indicates you may be either using a bot or multi-accounting so either your account and/or IP has been blocked.



this again show their greed, do not know how to protect yourself from bots)) captcha has been changed yet again all blocked)) funny to watch you

Not as funny as you turning up here when you get your bots banned.

this time I do not have oversteps, all my bots are working, blocking them is not touched)) continue to milk the cow


Just a curious question. Anything to add regarding server seeds?
3  Economy / Gambling / Re: FreeBitco.in - Win free Bitcoins every hour! on: May 26, 2018, 12:22:41 AM
And why would you write something like that in the official thread? If you're gaming it, at least don't give yourself away. You earned a measly three kopecks, so be happy with that. You fancy yourself a true hacker, and you're only making the admins angrier with your messages.

Can someone translate this correctly?

translate.google.com gives me this crap:
And why write in off. A branch is? You twist, so do not fall though. Has earned unfortunate 3-ri kopecks - be pleased. The trick of a hacker is out of your mind, you make the administrators even more angry at your SMS.
4  Economy / Gambling / Re: FreeBitco.in - Win free Bitcoins every hour! on: May 22, 2018, 12:15:08 PM
You have a right to raise your concerns, if you spot something that might cause problems in the future. One thing about Wetsuit is this, if there are concerns raised, he or she will address those concerns. Wetsuit will either explain it in detail or he will improve the system.

I've just heard from wetsuit and I've asked him to have a look at this. My personal view and understanding is that sort of manipulation wouldn't work because there's a nonce on the client side. The argument that the server seed could be changed is negated by the fact you could easily implement a script that checked that before and after each roll. I'm sure there are enough sceptics out that have tried to catch sites out and have failed because they don't actually cheat. It really wouldn't be worth it, the site's reputation is worth far more than any individual bet.


Thanks for communicating this to Wetsuit.

If you look at the steps mentioned carefully. You can see that no matter what the client sends, the server can break the promise of which hash to use and the only way to catch is as you mentioned, or bots. I'm still not making any accusations. I just want to point it out that this can be as real as it gets and is currently extremely hard to verify this by any normal person.

I know FreeBitco has a huge reputation, but it also has a huge userbase, everyone is claiming 'free money' by the hour. If you take out most of the last 3 free-game prizes, statistically the server will end up paying ~7.34 times less. I'm just pointing out there is an incentive to cheat and the system allows it to make it easier to hide.
5  Economy / Gambling / Re: FreeBitco.in - Win free Bitcoins every hour! on: May 21, 2018, 05:10:30 PM
First of all, I didn't directly accuse that FreeBitco is manipulating the Rolls because I wouldn't be taken seriously if I did so.
It's better to provide all the information necessary so you can check it by yourselves and even maybe convince FreeBitco to improve their system.


I will explain this in two stages:
First the current (and exploitable) implementation:

1) You Login into FreeBitco and click on the "THIS GAME IS PROVABLY FAIR!"
2) In this screen, the Server *promises* that it will calculate the next roll using your Client Seed + next Nonce + Server Seed. (Server sends you the Hash of that seed so you can check it later, that's perfectly implemented).
3) You save the server seed hash and you hit Roll.
4) The server does all the math. Using the Client Seed, the Nonce, and the secret Server Seed.
5) Then here is where the server MAY say: Oh wait.. I do not like this roll. Let's use the Client Seed, the Nonce, but let's break the promise of which Seed we were going to use.
6) You verify your bet using the bet History (which was saved by the Server). The math here rounds up perfectly and the game seems provably-fair.

There are two problems for you with this implementation regarding how can you verify that you were cheated:
1) You will need to do this for probably thousands of rolls until the server attempts to cheat on you.
2) Once you eventually find a discrepancy, you will be left proof-less and alone. The server promised you it was going to use Hash111 but ended up using Hash222, in the History it stored Hash222 for you to verify/share the bet result.


Now, here is the basic idea on how it should be implemented:

1) Server generates a new secret Seed. Sets the Nonce to 0. And returns you the SHA256 of that Seed.
2) When you roll, you provide your own Client seed to the server.
3) The server calculates the roll using its secret seed + nonce + client seed.
4) Server increases the Nonce by one. And keeps the same server seed for the next roll.
5) If I want to verify my bets (and only if I ask for it). The server reveals its secret seed to me and re-executes step 1 for future rolls.
6) The server should add an entry to the history saying that I manually requested the server to reveal the seed.

This way, the server should be able to calculate all rolls without changing the promised seed unless you ask for the seed. Also, you don't need to save each server seed hash and compare it with the one used in the rolls history.
(It can still cheat you into saying you asked for the Seed for verifying before you actually rolled and thus generating a losing seed)
But at least this way it will be way more visible for you to see if you are being cheated, because you will see that the server changed the seed without you asking to reveal the seed.

It's not perfect. But this way it will be extremely hard for them to conceal the cheating.
To compensate the problem of this proposed approach, an option is that the server provides and resets the server Seed and Nonce every week. This way the server cannot cheat the History by saying that you requested the seed for verifying when you didn't.
You will only be able to verify your bets every week, but it can be optional with a setup with a cooldown.


Sorry for the delayed response. I'll do my best to answer all the details.
6  Economy / Gambling / Re: FreeBitco.in - Win free Bitcoins every hour! on: May 20, 2018, 07:18:55 PM
(I created a new account just to keep anonymous on this subject)

How are you guys checking the provably-fair rolls? Because if you are using the Server Seed that the site offers in their History. Then you are doing it wrong.

You need to save the Server Seed Hash that it's going to be used by the server. Copy+Paste on a txt this server seed hash. Then and only then, you can roll. The first thing you need to do when verifying a roll is that the server actually used a seed which has the same hash that you saved.
(Do this on the Free-Game, not the Multiply-BTC)

The math is pristine, yes. But if the server changes the seed that it said it was going to use for your next roll, then the whole system falls apart.
Also, the server only needs to do this for the higher prizes. Since you will have to do this around 2500 times to see this behaviour.

The only way you can trust the system is if the server does NOT change the server seed after each roll (that's what Nonces are for). The server only needs to change the seed if you ask the server to provide the seed to you so you can verify the bets. (i.e: Prime-Dice does in fact implement this correctly)

I'm totally ok if the site removes the higher prizes. But if you are going to keep them, at least code a proper provably-fair system implementation.
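
Added example (not code from any of the posts or from FreeBitco): a Python sketch of the check described in the posts above, covering both the manual one (save the promised hash before rolling, then compare it with the seed shown in the history) and the proposed rule that the seed only changes after a logged reveal request. The roll formula, seed strings, field names and the `reveal_nonces` parameter are assumptions made up for illustration.

```python
import hashlib
import hmac

def commit(server_seed):
    """SHA256 of the secret seed: the hash the server shows before a roll."""
    return hashlib.sha256(server_seed.encode()).hexdigest()

def roll(server_seed, client_seed, nonce):
    # Assumed derivation, for illustration only (the site's formula is not on this page).
    mac = hmac.new(server_seed.encode(), f"{client_seed}:{nonce}".encode(), hashlib.sha256)
    return int(mac.hexdigest()[:8], 16) % 10001

def audit(saved_hashes, history):
    """saved_hashes: nonce -> hash the player wrote down BEFORE rolling.
    history: bets as the server reports them afterwards."""
    findings = []
    for bet in history:
        n = bet["nonce"]
        if roll(bet["server_seed"], bet["client_seed"], n) != bet["roll"]:
            findings.append((n, "roll does not follow from the seeds and nonce"))
        elif n not in saved_hashes:
            findings.append((n, "no hash saved before the roll, cannot verify"))
        elif commit(bet["server_seed"]) != saved_hashes[n]:
            findings.append((n, "seed in history is not the one promised"))
    return findings

def unrequested_seed_changes(history, reveal_nonces):
    """Proposed scheme: the seed may only change after a logged reveal request."""
    changes = []
    for prev, cur in zip(history, history[1:]):
        if cur["server_seed"] != prev["server_seed"] and prev["nonce"] not in reveal_nonces:
            changes.append(cur["nonce"])
    return changes

def sample():
    """Constructed data: the server promises seed-A, then swaps in seed-B for bet 1."""
    saved = {0: commit("seed-A"), 1: commit("seed-A")}
    history = [
        {"nonce": 0, "client_seed": "my-seed", "server_seed": "seed-A"},
        {"nonce": 1, "client_seed": "my-seed", "server_seed": "seed-B"},
    ]
    for bet in history:  # the stored history is self-consistent on its own
        bet["roll"] = roll(bet["server_seed"], bet["client_seed"], bet["nonce"])
    return saved, history

if __name__ == "__main__":
    saved, history = sample()
    print(audit(saved, history))
    print(unrequested_seed_changes(history, reveal_nonces=set()))
```

Without the hash saved beforehand, the same history produces only "cannot verify" findings: the recomputed rolls all match, which is the situation the posts warn about.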