With the Just-Dice CoinDice script, how do you verify that the seed you send, is the same seed and not a ambiguous variation?
But maybe I've misunderstood your question; please let me know what you're really asking.
Seems I confused JustDice with the CoinDice script. (Where this is possible)
I'll explain it a bit. Its indeed what RHavar said.
1 - "KjglBXrzAQcIpNnHOsuLPjVWFLJlCjRoYFIL"
2 - "KjglBXrzAQcIpNnHOsuLPjVWFLJICjRoYFIL"
1 -(sha256: d24e0b0fcb115626c485af2ece757fd6f8f02238c5e3f8c5d0cb13ed95f1d9e0)
2 -(sha256: 89e598b3d27c9a0af89001427422e375afe64c4ee4f4ac4839df9a7a69db9604)
Looks pretty much the same. so ambigious font/styling could allow 2^n rolls (n being the number of characters that could be subbed) to try for the "hosters" of dicescripts to get a winning result. (betting scripts that don't show seeds in hex for example.)
EDIT:
This is firefox:
https://i.imgur.com/HpfV5Cy.png THis is chrome:
http://gyazo.com/a724930ce28fa55f598970be65250249
It's a cute thought experiment, but it would be one of the stupidest ways imaginable for a casino to cheat. If anyone noticed (and they almost certainly would if they verified any bets), it would prove malicious intent. If a casino was going to cheat, it'd be better off doing it in a way that has plausible deniability ("Whoops, the change to your client seed didn't update in the db! Maybe you didn't submit it?")
But it completely possible in the CoinDice script. (again, I was confuddled regarding the CoinDice / JustDice thing).
Because in the end, do you read the js of a page? and is what you see the same seed. without clientside logging, seeds that are not hex or bin, but ascii are a problem because they leave vectors open.
But ofc dropping bets. or skipping/silently returning bets are the most likely suspects.
But on the forcing of setting a client seed, well thats maybe a point, but still considering the way the serverseeds are chained on cbf. And how they are implemented in the verifier not setting the clientseed is still not a big deal. ofc you can. But as long as the dailyseeds match up aswell as betverification. that bet was provable fair, because the server can't change it clientseed.
