
Main
Date: 07 Jan 2009 08:25:03
From: Porsche_Dan
Subject: Random Number Generators and Online Poker

Are there any cryptography people out there? I'm still trying to get a grip on the whole RNG thing. Do you know these testing organizations? www.bmm.com.au www.cigital.com http://www.tstglobal.com/ http://www.itechlabs.com.au/ And I guess the question is: Why do the top Poker sites all use different testing services for RNG validation? http://www.meaning.com/wiki/Truly_random The lack of sufficient entropy is the Achilles Heel of cryptography and anyone who considers arithmetical methods of random sequence generation is, of course, in a state of sin. (D. Knuth, The Art of Computer Programming: Volume 2, Seminumerical Algorithms, 2nd edition, AddisonWesley, 1981.) With a tip of the hat to Bruce Schneier: Random sequence generators [in any modern computer] are not random because they don't have to be. Most simple applications, like computer games, need so few random numbers that they hardly notice. However, cryptography is extremely sensitive to the properties of random number generators. Use a poor random sequence generator and you start getting weird correlations and strange results. (S. K. Park and K. W. Miller, "Random Number Generators: Good Ones Are Hard to Find," Communications of the ACM,v. 31, n. 10, Oct 1988, pp. 11921201. I. Peterson, "Monte Carlo Physics: A Cautionary Lesson," Science News, v. 142, n. 25, 19 Dec 1992, p. 422.) If security depends on your random number generator, weird correlations and strange results are the last things you want. The problem is that a random number generator doesn't produce a random sequence. It probably doesn't produce anything that looks even remotely like a random sequence. Of course, it is impossible to produce somthing truly random on a computer. Knuth quotes John von Neumann as saying: "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin." (Knuth, The Art of Computer Programming: Volume 2, Seminumerical Algorithms, 2nd edition, AddisonWesley, 1981.) Computers are deterministic beasts : stuff goes in one end, completely predictable operations occur inside, and different stuff comes out the other end. Put the same stuff in on two separate occasions and the same stuff comes out both times. Put the same stuff into two identical computers, and the same stuff comes out of both of them. There are only a finite number of states in which a computer can exist (a [very] large finite number, but a finite number nonetheless), and the stuff that comes out will always be a deterministic function of the stuff that went in and the computer's current state. That means any random sequence generator on a computer (at least, on a Turing machine) is, by definition, periodic. Anything that is periodic is, by definition, predictable. And, if something is predictable, it can't be random. A true random sequence generator requires some random input; a computer can't provide that.  * killfiles, watchlists, favorites, and more.. www.recgroups.com



Date: 07 Jan 2009 16:55:59
From: richlp
Subject: Re: Random Number Generators and Online Poker

On Jan 7, 8:25=A0am, "Porsche_Dan" <[email protected] > wrote: > Are there any cryptography people out there? I'm still trying to get a > grip on the whole RNG thing. Do you know these testing organizations? > > www.bmm.com.auwww.cigital.comhttp://www.tstglobal.com/http://www.itechlab= s.com.au/ > > And I guess the question is: Why do the top Poker sites all use different > testing services for RNG validation? > > http://www.meaning.com/wiki/Truly_random > > The lack of sufficient entropy is the Achilles Heel of cryptography and > anyone who considers arithmetical methods of random sequence generation > is, of course, in a state of sin. (D. Knuth, The Art of Computer > Programming: Volume 2, Seminumerical Algorithms, 2nd edition, > AddisonWesley, 1981.) With a tip of the hat to Bruce Schneier: > > Random sequence generators [in any modern computer] are not random becaus= e > they don't have to be. Most simple applications, like computer games, nee= d > so few random numbers that they hardly notice. However, cryptography is > extremely sensitive to the properties of random number generators. Use a > poor random sequence generator and you start getting weird correlations > and strange results. (S. K. Park and K. W. Miller, "Random Number > Generators: Good Ones Are Hard to Find," Communications of the ACM,v. 31, > n. 10, Oct 1988, pp. 11921201. I. Peterson, "Monte Carlo Physics: A > Cautionary Lesson," Science News, v. 142, n. 25, 19 Dec 1992, p. 422.) If > security depends on your random number generator, weird correlations and > strange results are the last things you want. > > The problem is that a random number generator doesn't produce a random > sequence. It probably doesn't produce anything that looks even remotely > like a random sequence. Of course, it is impossible to produce somthing > truly random on a computer. Knuth quotes John von Neumann as saying: > "Anyone who considers arithmetical methods of producing random digits is, > of course, in a state of sin." (Knuth, The Art of Computer Programming: > Volume 2, Seminumerical Algorithms, 2nd edition, AddisonWesley, 1981.) > Computers are deterministic beasts : stuff goes in one end, completely > predictable operations occur inside, and different stuff comes out the > other end. Put the same stuff in on two separate occasions and the same > stuff comes out both times. Put the same stuff into two identical > computers, and the same stuff comes out of both of them. There are only a > finite number of states in which a computer can exist (a [very] large > finite number, but a finite number nonetheless), and the stuff that comes > out will always be a deterministic function of the stuff that went in and > the computer's current state. That means any random sequence generator on > a computer (at least, on a Turing machine) is, by definition, periodic. > Anything that is periodic is, by definition, predictable. And, if > something is predictable, it can't be random. A true random sequence > generator requires some random input; a computer can't provide that. > > =A0 > * killfiles, watchlists, favorites, and more..www.recgroups.com What's the point if the RNG is truly random or pseudorandom. Unless you can predict the sequence the numbers are random to all who interact with them.


Date: 07 Jan 2009 10:50:44
From: Beatsy
Subject: Re: Random Number Generators and Online Poker

On 7 Jan, 16:25, "Porsche_Dan" <[email protected] > wrote: > Are there any cryptography people out there? I'm still trying to get a > grip on the whole RNG thing. Do you know these testing organizations? > > www.bmm.com.auwww.cigital.comhttp://www.tstglobal.com/http://www.itechlab= s.com.au/ > > And I guess the question is: Why do the top Poker sites all use different > testing services for RNG validation? > > http://www.meaning.com/wiki/Truly_random > > The lack of sufficient entropy is the Achilles Heel of cryptography and > anyone who considers arithmetical methods of random sequence generation > is, of course, in a state of sin. (D. Knuth, The Art of Computer > Programming: Volume 2, Seminumerical Algorithms, 2nd edition, > AddisonWesley, 1981.) With a tip of the hat to Bruce Schneier: > > Random sequence generators [in any modern computer] are not random becaus= e > they don't have to be. Most simple applications, like computer games, nee= d > so few random numbers that they hardly notice. However, cryptography is > extremely sensitive to the properties of random number generators. Use a > poor random sequence generator and you start getting weird correlations > and strange results. (S. K. Park and K. W. Miller, "Random Number > Generators: Good Ones Are Hard to Find," Communications of the ACM,v. 31, > n. 10, Oct 1988, pp. 11921201. I. Peterson, "Monte Carlo Physics: A > Cautionary Lesson," Science News, v. 142, n. 25, 19 Dec 1992, p. 422.) If > security depends on your random number generator, weird correlations and > strange results are the last things you want. > > The problem is that a random number generator doesn't produce a random > sequence. It probably doesn't produce anything that looks even remotely > like a random sequence. Of course, it is impossible to produce somthing > truly random on a computer. Knuth quotes John von Neumann as saying: > "Anyone who considers arithmetical methods of producing random digits is, > of course, in a state of sin." (Knuth, The Art of Computer Programming: > Volume 2, Seminumerical Algorithms, 2nd edition, AddisonWesley, 1981.) > Computers are deterministic beasts : stuff goes in one end, completely > predictable operations occur inside, and different stuff comes out the > other end. Put the same stuff in on two separate occasions and the same > stuff comes out both times. Put the same stuff into two identical > computers, and the same stuff comes out of both of them. There are only a > finite number of states in which a computer can exist (a [very] large > finite number, but a finite number nonetheless), and the stuff that comes > out will always be a deterministic function of the stuff that went in and > the computer's current state. That means any random sequence generator on > a computer (at least, on a Turing machine) is, by definition, periodic. > Anything that is periodic is, by definition, predictable. And, if > something is predictable, it can't be random. A true random sequence > generator requires some random input; a computer can't provide that. > > =A0 > * killfiles, watchlists, favorites, and more..www.recgroups.com A couple of decades ago, I worked as a s/w engineer with a company that produced kit for the bingo industry. One of the hardware products was a rackmount RNG, used to digitally simulate randomly picked bingo balls. The bingo caller application queried the h/w RNG across a standard network to get the next random ball number... The randomness was based on the output of noisy diode. No seed, no repetition, and not even theoretically predictable (and certified truly random etc). I'd have thought the poker sites would use these. Don't they? Are all online poker RNG's s/w based? Not that it *really* matters  pseudo random is entirely fit for purpose in all practical senses.

 
Date: 07 Jan 2009 14:52:19
From: Neverchop
Subject: Re: Random Number Generators and Online Poker

"Beatsy" <[email protected] > wrote in message news:[email protected]m... > I'd have thought the poker sites would use these. Don't they? Are all > online poker RNG's s/w based? > > Not that it *really* matters  pseudo random is entirely fit for > purpose in all practical senses. I'm pretty sure that FT uses a hardware based sys.

 
Date: 07 Jan 2009 11:09:21
From: XaQ Morphy
Subject: Re: Random Number Generators and Online Poker

On Jan 7 2009 12:50 PM, Beatsy wrote: > I'd have thought the poker sites would use these. Don't they? Are all > online poker RNG's s/w based? Stars has this listed on their site somewhere. I just looked at it a few days ago to answer a question from a friend. I can't get to the site now but I remember it saying they use 2 seeds: a hardware seed as well as collections of mouse movements and user input from the site itself.  Morphy [email protected] http://www.donkeymanifesto.com "SHUT UP IDIOT" The Great Patholio  : the next generation of webnewsreaders : http://www.recgroups.com

  
Date: 07 Jan 2009 11:29:44
From: Scott/sjakma
Subject: Re: Random Number Generators and Online Poker

On Jan 7 2009 2:09 PM, XaQ Morphy wrote: > On Jan 7 2009 12:50 PM, Beatsy wrote: > > > I'd have thought the poker sites would use these. Don't they? Are all > > online poker RNG's s/w based? > > Stars has this listed on their site somewhere. I just looked at it a few > days ago to answer a question from a friend. I can't get to the site now > but I remember it saying they use 2 seeds: a hardware seed as well as > collections of mouse movements and user input from the site itself. > >  > Morphy > [email protected] > http://www.donkeymanifesto.com > "SHUT UP IDIOT" The Great Patholio Stars uses an Intel product that uses thermal noise as an entropy source.  : the next generation of webnewsreaders : http://www.recgroups.com

   
Date: 07 Jan 2009 11:30:38
From: Scott/sjakma
Subject: Re: Random Number Generators and Online Poker

> > > Stars uses an Intel product that uses thermal noise as an entropy source. along with mouse movements. ________________________________________________________________________ looking for a better newsgroupreader?  www.recgroups.com


Date: 07 Jan 2009 17:58:54
From: Gareth ErskineJones
Subject: Re: Random Number Generators and Online Poker

On Wed, 07 Jan 2009 08:25:03 0800, "Porsche_Dan" <[email protected] > wrote: >Are there any cryptography people out there? I know a bit about it.  snip  >The problem is that a random number generator doesn't produce a random >sequence. Correct. >It probably doesn't produce anything that looks even remotely >like a random sequence. Incorrect  a decent random number generator produces sequences that are for all practical purposes indistinguishable from random sequences. This is why security systems like RSA's SecurID are widely used in situations where security is extremely important. >Computers are deterministic beasts : stuff goes in one end, completely >predictable operations occur inside, and different stuff comes out the >other end. Put the same stuff in on two separate occasions and the same >stuff comes out both times. Put the same stuff into two identical >computers, and the same stuff comes out of both of them. There are only a >finite number of states in which a computer can exist (a [very] large >finite number, but a finite number nonetheless), and the stuff that comes >out will always be a deterministic function of the stuff that went in and >the computer's current state. That means any random sequence generator on >a computer (at least, on a Turing machine) is, by definition, periodic. >Anything that is periodic is, by definition, predictable. Yes, but once you have a decent (meaning one that hasn't been broken) random number generating algorithm, then to predict the next number, you need to know the seed used, and whereabouts in the sequence you are. The fact that the sequence is periodic doesn't matter if the period is large enough. > And, if >something is predictable, it can't be random. A true random sequence >generator requires some random input; a computer can't provide that. But it doesn't need to be random  it needs to share some characteristics with a random sequence (e.g. if the sequence is of decimal digits, then the digit 6 should occur roughly one tenth of the time, any two digit sequence should occur roughtly one hundredth of the time etc.). If an online gaming company tried to write its own RNG algorithm, then they are likely to run into problems (just as if they tried to write their own encryption algorithm)  it's much better to use an off the shelf algorithm which has been subject to a lot of scrutiny by professional cryptographers. If you wanted to cheat in an online poker game, predicting the output of the RNG is by far the hardest way to go  simple collusion is more likely to work. GEJ

 
Date: 08 Jan 2009 21:35:55
From: Owner
Subject: Re: Random Number Generators and Online Poker

Actually, you don't necessarily have to know the seed. From the wikipedia article on the Montreal Casino ...=20 Keno scandal In April 1994, Daniel Corriveau managed to win $600,000 CAD playing the=20 Casino de Montr=E9al keno. He was able to pick 19 of the 20 winning=20 numbers three times in a row. Corriveau claims he used a computer and=20 Chaos Theory to discern a pattern in the sequence of numbers. It was=20 later found that the sequence was made easier to predict because the=20 Casino was using an inadequate electronic pseudorandom number generator.=20 In fact, the electronic keno machine was reset every morning with the=20 same seed number, producing the same sequence of numbers every day.=20 Corriveau received his winnings after investigators cleared him of any=20 wrongdoing. In article <[email protected] >, [email protected]=20 says... >=20 > Yes, but once you have a decent (meaning one that hasn't been broken) > random number generating algorithm, then to predict the next number, > you need to know the seed used, and whereabouts in the sequence you > are. The fact that the sequence is periodic doesn't matter if the > period is large enough. >=20 Geoff


Date: 07 Jan 2009 08:59:11
From: Scott/sjakma
Subject: Re: Random Number Generators and Online Poker

On Jan 7 2009 11:25 AM, Porsche_Dan wrote: > Are there any cryptography people out there? I'm still trying to get a > grip on the whole RNG thing. Do you know these testing organizations? > > www.bmm.com.au > www.cigital.com > http://www.tstglobal.com/ > http://www.itechlabs.com.au/ I just contacted a few friends who are considered experts in this field and all agree that Cigital is a legit company that does good work. They have never heard of the three other companies. _______________________________________________________________________ : the next generation of webnewsreaders : http://www.recgroups.com

 
Date: 07 Jan 2009 12:05:05
From: Porsche_Dan
Subject: Re: Random Number Generators and Online Poker

On Jan 7, 8:59=A0am, "Scott/sjakma" <[email protected] > wrote: > On Jan 7 2009 11:25 AM, Porsche_Dan wrote: > > > Are there any cryptography people out there? I'm still trying to get a > > grip on the whole RNG thing. Do you know these testing organizations? > > >www.bmm.com.au > >www.cigital.com > >http://www.tstglobal.com/ > >http://www.itechlabs.com.au/ > > I just contacted a few friends who are considered experts in this field > and all agree that Cigital is a legit company that does good work. =A0 Th= ey > have never heard of the three other companies. > > _______________________________________________________________________= =A0 > : the next generation of webnewsreaders :http://www.recgroups.com FYI: PokerStars uses Cigital and Bmm, FTP uses tstglobal and Party uses itechlabs.


Date: 07 Jan 2009 08:45:37
From: FangBanger
Subject: Re: Random Number Generators and Online Poker

On Jan 7 2009 10:25 AM, Porsche_Dan wrote: > Are there any cryptography people out there? I'm still trying to get a > grip on the whole RNG thing. Do you know these testing organizations? > > www.bmm.com.au > www.cigital.com > http://www.tstglobal.com/ > http://www.itechlabs.com.au/ > > And I guess the question is: Why do the top Poker sites all use different > testing services for RNG validation? If you assume that these regulatory agencies are legite , using just one for all the sites would invite undetectable cheating , like what the guy did who worked for the Nevada Gaming Commision, when he as a regulator slipped a program in cheat machines he was supposed to be monitoring . I think the regulatory agencies are shams used to instill a false sense of security. Kinda like Mall Cops ..supposed to look good ..totally useless!! > > http://www.meaning.com/wiki/Truly_random > > The lack of sufficient entropy is the Achilles Heel of cryptography and > anyone who considers arithmetical methods of random sequence generation > is, of course, in a state of sin. (D. Knuth, The Art of Computer > Programming: Volume 2, Seminumerical Algorithms, 2nd edition, > AddisonWesley, 1981.) With a tip of the hat to Bruce Schneier: > > Random sequence generators [in any modern computer] are not random because > they don't have to be. Most simple applications, like computer games, need > so few random numbers that they hardly notice. However, cryptography is > extremely sensitive to the properties of random number generators. Use a > poor random sequence generator and you start getting weird correlations > and strange results. (S. K. Park and K. W. Miller, "Random Number > Generators: Good Ones Are Hard to Find," Communications of the ACM,v. 31, > n. 10, Oct 1988, pp. 11921201. I. Peterson, "Monte Carlo Physics: A > Cautionary Lesson," Science News, v. 142, n. 25, 19 Dec 1992, p. 422.) If > security depends on your random number generator, weird correlations and > strange results are the last things you want. > > The problem is that a random number generator doesn't produce a random > sequence. It probably doesn't produce anything that looks even remotely > like a random sequence. Of course, it is impossible to produce somthing > truly random on a computer. Knuth quotes John von Neumann as saying: > "Anyone who considers arithmetical methods of producing random digits is, > of course, in a state of sin." (Knuth, The Art of Computer Programming: > Volume 2, Seminumerical Algorithms, 2nd edition, AddisonWesley, 1981.) > Computers are deterministic beasts : stuff goes in one end, completely > predictable operations occur inside, and different stuff comes out the > other end. Put the same stuff in on two separate occasions and the same > stuff comes out both times. Put the same stuff into two identical > computers, and the same stuff comes out of both of them. There are only a > finite number of states in which a computer can exist (a [very] large > finite number, but a finite number nonetheless), and the stuff that comes > out will always be a deterministic function of the stuff that went in and > the computer's current state. That means any random sequence generator on > a computer (at least, on a Turing machine) is, by definition, periodic. > Anything that is periodic is, by definition, predictable. And, if > something is predictable, it can't be random. A true random sequence > generator requires some random input; a computer can't provide that. Those who can make you believe absurdities can make you commit atrocities. Voltaire  RecGroups : the communityoriented newsreader : www.recgroups.com

