Original script: https://github.com/coinables/Bitcoin-Faucet-Dice-Faucet-Box

So yes, it turns out that the dice script being used by a handful of faucets here can be brute-forced offline if you know the `Date` header sent from the server and the next hash.

Brute forcing the hash can take a couple of hours on one computer, that's a painful wait, but with even couple of extra spare computers I determined that the return on investment would be higher than mining bitcoin. So I added a tool which allows you to distribute the work on 1-1000 servers, which can bring the time down to a handful of minutes or even seconds.

Anyway, the script is poorly written by a novice coder who doesn't have a background or very deep understanding of cryptography, that's not a bad thing - everybody has to learn somehow. But placing your trust in a random third-party script that you got off the internet... maybe not the best thing to do.

I am interested in auditing more 'provably fair' systems, feel free to get in-touch via GitHub.

Questions?