Yes and this is good so. But does not have much to do with the distribution of its random numbers.
None of this has to do with the distribution of random numbers. If you want to use a skewed RNG that will just help your players.
Of course you are underlining the advantages of "provably fairness" as you self advert for such a casino.
I suspect it's the other way around; he advertises
bitZino because he likes how they do things.
But the problem lies in the $playerSecret. A hash calculated on the clients computer does not provide as much proof as you tell.
It sounds like you don't understand the procedure. There's no hashing done on the client's computer. The client provides a seed having seen the hash of the server seed. The server then hashes the client and server secrets together to produce the final shuffle seed. You allow the player to pick their own seed after telling them the hash of the server seed; that way they can be sure you're not cheating them. Most players won't want to set the seed each hand, so the client computer provides a seed for them, but you allow them to edit it at will.
It can be manipulated too. To exclude that you have to make statistics
You can't prove it's fair using statistics. All your players could be losing, and house insiders could be 'winning' to balance the statistics. Also it sounds like you're keeping the bets off the blockchain, so statistics won't be verifiable by others; we'll have to trust that your published statistics are true.
As long as such a "provably fairness" isn't certified by a trusted 3rd party it's not so "provable" as it seems for an customer.
I don't need bitZino to have a trusted 3rd party audit their code to be sure they're not cheating me, unless you count mathematics as a trusted 3rd party. The whole point of "provable fairness" is that you don't need to trust anything other than the laws of mathematics.
But as long as the $playersecret is generated by some shady javascript on the casino website the "provably fair" is not as proved as you say.
If the player secret doesn't come from the player then it's not really a player secret; that's true.
Yes we could implement a "provably fair" algorithm, but it only would suggest the user a security he can't have.
For players who care, provable fairness gives them certainly that they're not being cheated.
For players who don't, provable fairness gives them a warm fuzzy feeling.
When a site refuses to offer provable fairness when almost all of their competitors do offer it, it puts me off playing there. What reason could they have for not wanting to be demonstrably fair?
So we decided that the user should decide on realistic parameter if he wants to trust us or not.
And they will...
The user should always be aware to get cheated on the internet. And we don't want to lull our customers into a false sense of security with algorithms which only look good.
OK. So give them real security with algorithms that actually are good.