JackpotRacer
Legendary
 Offline
Activity: 1974
Merit: 1014
All Games incl Racer and Lottery game are Closed
|
 |
December 16, 2015, 09:52:55 AM |
|
To answer OP's question, There are different types/kinds of "scripts/algo" one can use to generate a random seed, and most of the time, it varies from site to site, depending on how it was programmed by their dev. But nowadays, devs stick to what is "common" therefor you might see different sites that uses same algo to generate a random seed. But ofcourse it doesn't mean both site will have the same server seed, (tho there is a very very slim chance it could happen).
You can program a computer to generate a random number, but that program is and will always be at the mercy of its programming. So you cannot actually say that it has given you a random number because the fact is, its just following the sequence of how it is programmed, it generally starts with something then follows a pattern. Tho the complexity of the result is enough to be called random, its never truly random since it is just ruled by a consistently repeating algorithm. This are called "pseudo-random number generators" (PRNG). And most of the site uses this kind of way to generate their seeds.
So any script/algo programmed on a computer is always a PRNG? Answer is No.. One can generate a True Random Number Generator (TRNG) on a computer, this is by use of different kinds of entropy. Some uses a device that relies on thermal, noise or any unpredictable environmental elements that we as humans have no control over. And this can be called a true random number generator. Like ryan said, one can use /dev/random, which uses environmental noise. Another example is, Random.org, which they claim, uses atmospheric noise to generate a true randomness.
So the fact is, most sites uses PRNG? Yes. So there is a possibility to crack it? YES and NO. If we talk of possibility, then yes there is always a possibility of something, but the probability of that happening is so low. Like i said above, the complexity of the results of a PRNG is enough to be called random, therefore the chance to crack a single seed is so low that if compared, you'd have better chance of winning the lottery than trying to crack it in a lifetime.
-uni
thank you very much for taking the time to explain your knowledge in a more detailed way. as I know you are a coder so if all depends on you regarding the provably fair implementation nothing bad can happen to your bank roll. but you know what happened to Magical Dice  how could they or any other non coder (like we) prevent this to happen? In an online business, there is no 100% fool proof against this. Even big companies can get in trouble if their devs turn to rogue. But there are ways to prevent this. One example is a structural design of your system. One dev should only be assigned to a certain part of the system and not have access to everything. If the your system is project based, then one dev should have no access to the system at all once the project is finish. Another is to hire a 3rd party security guy that will double check your site's code and integrity. There maybe other ways, but the fact is, it is doable. But personally, my opinion is, an owner "MUST" atleast know the basic logic of his own system, you don't have to know how to code, but know how your system works is a must. Trust is a big word when it comes to this "pixelized" online world, but with proper preparation and strategy, an owner wont need this to have a successful site. The issue with magicaldice is that, they hired a dev, and trusted the dev to run the site and have full access. When MD1 went live, the dev should no longer have access to their database, and only grant access to the dev on special occasions like fixing bugs etc..and then immediately revoke it once it is fixed. I know there maybe "holes" on my statement, but thats the basic. Owners already had this idea, what if their dev create an alt and play.. But they trusted their dev not to do it, which is totally wrong. -uni thank you again for the detailed answer very much appreciated please let me ask you if there is a way to let someone code and implement the provably fair option and then close it like a safe that no one will have access and in case the safe is damaged we will see it and stop the game. we can't code and don't have the provably fair knowledge to run a casino on our own we would always need coder. the sharks would eat us alive  like it happened with MD that is mainly the reason why we are on moneypot thanks again |
|
|
|
Betwrong
Legendary
Offline
Activity: 3500
Merit: 2242
🌀 Cosmic Casino
|
|
December 16, 2015, 09:58:11 AM |
|
To answer OP's question, There are different types/kinds of "scripts/algo" one can use to generate a random seed, and most of the time, it varies from site to site, depending on how it was programmed by their dev. But nowadays, devs stick to what is "common" therefor you might see different sites that uses same algo to generate a random seed. But ofcourse it doesn't mean both site will have the same server seed, (tho there is a very very slim chance it could happen).
You can program a computer to generate a random number, but that program is and will always be at the mercy of its programming. So you cannot actually say that it has given you a random number because the fact is, its just following the sequence of how it is programmed, it generally starts with something then follows a pattern. Tho the complexity of the result is enough to be called random, its never truly random since it is just ruled by a consistently repeating algorithm. This are called "pseudo-random number generators" (PRNG). And most of the site uses this kind of way to generate their seeds.
So any script/algo programmed on a computer is always a PRNG? Answer is No.. One can generate a True Random Number Generator (TRNG) on a computer, this is by use of different kinds of entropy. Some uses a device that relies on thermal, noise or any unpredictable environmental elements that we as humans have no control over. And this can be called a true random number generator. Like ryan said, one can use /dev/random, which uses environmental noise. Another example is, Random.org, which they claim, uses atmospheric noise to generate a true randomness.
So the fact is, most sites uses PRNG? Yes. So there is a possibility to crack it? YES and NO. If we talk of possibility, then yes there is always a possibility of something, but the probability of that happening is so low. Like i said above, the complexity of the results of a PRNG is enough to be called random, therefore the chance to crack a single seed is so low that if compared, you'd have better chance of winning the lottery than trying to crack it in a lifetime.
-uni
Thank you very much for your explanation! It is written in simple language and at the same time is shedding light on such complicated and incomprehensible things that I can say nothing but WOW! Man, you should write books. |
|
|
|
|
MillionsBTCdev
|
|
December 16, 2015, 11:29:56 AM |
|
thank you again for the detailed answer very much appreciated please let me ask you if there is a way to let someone code and implement the provably fair option and then close it like a safe that no one will have access and in case the safe is damaged we will see it and stop the game. we can't code and don't have the provably fair knowledge to run a casino on our own we would always need coder. the sharks would eat us alive like it happened with MD that is mainly the reason why we are on moneypot thanks again Yes there is a way. One example is, if you hire a dev to create a website for you, have it done on a test server. once it is done, the dev will give you the full source with installation instructions to your own server. Before installing, have a 3rd party check the code for you. Again this is before you install it on your live server, meaning, database names, database password and other critical variables are not yet set. A good dev keeps notes, but a great dev gives detailed documentations. Have your dev give you a documentation, maybe a pdf or something that gives a detailed explanation on how the system works in a layman's term, documentation includes processes, every page's role, the logic on how the system works, the algorithm used, 3rd party scripts use if there are any, installation instructions, security modules or scripts used.. etc.. Once code has been checked, you then install it on your live server, and its the only time where you will be asked for database names, database passwords etc.. Doing this, you can be sure that only you knows the critical variables for your site..Some site open up a semi-production site which they call beta version of the site, which is open for public to check for bugs etc. And if ever bugs occurs, the original dev has the original source code, therefor, he can have it fixed on his end without accessing the live server itself, then he can just give you an updated source to fix the bug, you can have a 3rd party check it again..All this depends on what is the agreement between you and the dev. There are many ways on how one can prevent a dev from turning against the owner. Above is just one example i can think of. -uni |
|
|
|
JackpotRacer
Legendary
Offline
Activity: 1974
Merit: 1014
All Games incl Racer and Lottery game are Closed
|
|
December 16, 2015, 12:16:57 PM |
|
thank you again for the detailed answer very much appreciated please let me ask you if there is a way to let someone code and implement the provably fair option and then close it like a safe that no one will have access and in case the safe is damaged we will see it and stop the game. we can't code and don't have the provably fair knowledge to run a casino on our own we would always need coder. the sharks would eat us alive like it happened with MD that is mainly the reason why we are on moneypot thanks again Yes there is a way. One example is, if you hire a dev to create a website for you, have it done on a test server. once it is done, the dev will give you the full source with installation instructions to your own server. Before installing, have a 3rd party check the code for you. Again this is before you install it on your live server, meaning, database names, database password and other critical variables are not yet set. A good dev keeps notes, but a great dev gives detailed documentations. Have your dev give you a documentation, maybe a pdf or something that gives a detailed explanation on how the system works in a layman's term, documentation includes processes, every page's role, the logic on how the system works, the algorithm used, 3rd party scripts use if there are any, installation instructions, security modules or scripts used.. etc.. Once code has been checked, you then install it on your live server, and its the only time where you will be asked for database names, database passwords etc.. Doing this, you can be sure that only you knows the critical variables for your site..Some site open up a semi-production site which they call beta version of the site, which is open for public to check for bugs etc. And if ever bugs occurs, the original dev has the original source code, therefor, he can have it fixed on his end without accessing the live server itself, then he can just give you an updated source to fix the bug, you can have a 3rd party check it again..All this depends on what is the agreement between you and the dev. There are many ways on how one can prevent a dev from turning against the owner. Above is just one example i can think of. -uni
thank you very much again this was very helpful for us because this could be a solution for us old men who cannot code.btw I can't connect to your app |
|
|
|
|
MillionsBTCdev
|
|
December 16, 2015, 01:27:29 PM |
|
thank you again for the detailed answer very much appreciated please let me ask you if there is a way to let someone code and implement the provably fair option and then close it like a safe that no one will have access and in case the safe is damaged we will see it and stop the game. we can't code and don't have the provably fair knowledge to run a casino on our own we would always need coder. the sharks would eat us alive like it happened with MD that is mainly the reason why we are on moneypot thanks again Yes there is a way. One example is, if you hire a dev to create a website for you, have it done on a test server. once it is done, the dev will give you the full source with installation instructions to your own server. Before installing, have a 3rd party check the code for you. Again this is before you install it on your live server, meaning, database names, database password and other critical variables are not yet set. A good dev keeps notes, but a great dev gives detailed documentations. Have your dev give you a documentation, maybe a pdf or something that gives a detailed explanation on how the system works in a layman's term, documentation includes processes, every page's role, the logic on how the system works, the algorithm used, 3rd party scripts use if there are any, installation instructions, security modules or scripts used.. etc.. Once code has been checked, you then install it on your live server, and its the only time where you will be asked for database names, database passwords etc.. Doing this, you can be sure that only you knows the critical variables for your site..Some site open up a semi-production site which they call beta version of the site, which is open for public to check for bugs etc. And if ever bugs occurs, the original dev has the original source code, therefor, he can have it fixed on his end without accessing the live server itself, then he can just give you an updated source to fix the bug, you can have a 3rd party check it again..All this depends on what is the agreement between you and the dev. There are many ways on how one can prevent a dev from turning against the owner. Above is just one example i can think of. -uni
thank you very much again this was very helpful for us because this could be a solution for us old men who cannot code.btw I can't connect to your app We had some issues regarding DDos, server was attacked while i was asleep, and my node crashed, It was unexpected, but its fixed now. Thanks |
|
|
|
|
