If you're reading this post, you may be just as intrigued about bitZino's Provably Fair system of guaranteeing fair hands as I was many months ago.
[...]
What a well written, well reasoned post! It's almost as if you're a different person than the one who wrote your previous posts.
Or did you just copy and paste
someone else's work?
You forgot to include attribution, and also forgot to include Larry's rebuttals, which you can find in the same thread:
[–]libertaad 10 points 2 days ago (12|2)
Creator of bitZino here. Thanks for writing this post, TrevorXavier! I firmly believe that the best cryptography is that which is practiced in the open, with honest and open discussion about any possible weaknesses or avenues of attack.
I've read through your entire post, and I believe that at the core, you are discussing two main issues you see with our provably fair system:
The first issue is that of "stalling". In the rare event that our servers do fail to respond (either due to internet connectivity issues, or downtime on our end), this problem can easily be mitigated by a player by simply ensuring the Hash(secret) has not changed, and then re-entering the same client_seed after reloading the page.
The second issue is that of tainting the javascript that is being executed on the player's browser (Cold Deck, Hot Reading, Mutation, and Controlled Secret all fall under this). I do agree that if we managed to slip dirty code past our users, these are potentially viable attacks. However. these are all very high-risk frauds to perpetrate, because if we were caught doing this, even once, we would completely sacrifice our reputation and future earnings potential.
Furthermore, these attacks are all relatively easy for a savvy user to detect. Since modern browsers come with built-in network analysis tools, it is easy for anyone to see all data being sent down the wire. These tools would make it very easy to detect if we tried to sneak javascript partials into ajax requests.
Ultimately though, a player can be protected from all of these attacks by running a client-side greasemonkey script which generates the client_seed (rather than relying on any code sent from our servers). And, in fact, this is already possible today due to the nature of our app being in HTML5. We have already seen a handful of our players doing this on their own (we can detect it because the client_seeds they send are formatted differently than the ones our javascript generates). Additionally, if a player just edits the client_seed by hand before they play, they are also protected from any of the attacks you listed.
At the end of the day, we still haven't fully solved the trust issue of browser-based cryptography. But, our system still accomplishes its goal - it forces us to either be honest, or take a large risk. We simply have no way to manipulate the outcome of any wagers made on bitZino without taking a risk of being caught. That's why our system is indeed provably fair: it allows savvy players to ensure the house isn't cheating them.
Thanks again for the insightful post!
As for this:
except dooglus who is a shill for bitZino and blocked on my account so I can't even see his little trolling comments and will not respond to anything he tries to say even should he make another account to try and say something.
I'm not a shill. I just don't want to let your inaccurate statements stand unchallenged. I don't care whether you read my corrections or respond to them. They're not for your benefit; you seem incapable of understanding. They're for the benefit of others who might otherwise swallow your bullshit.