
Topic: 🎲 DiceSites.com - List of dice sites w/ statistics, graphs & verifiers - page 12. (Read 42103 times)

legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
From the abstract:
Quote
Although these attacks improve upon the existing reduced round SHA-2 attacks, they do not threaten the security of the full SHA-2 family.

SHA-256 has 64 rounds and SHA-512 has 80 rounds. Since this is impossible to attack, researchers reduce the number of rounds and try to attack that. It gets exponentially more difficult though. So if 24 rounds (from that paper) or even 28 rounds (based on latest papers) of SHA-256 are practical enough to attack - it still doesn't compromise the security of full SHA-2 at all.

I will repeat: There are no known SHA-2 collisions.

How about you just give me 1 example of a SHA-256 and SHA-512 collision? Since you claim dice site owners can generate these on the fly, you should easily be able to give us just 1? If you want, we can make a bet out of it; I will be happy to bet some coins on this (with escrow obviously.)
sr. member
Activity: 420
Merit: 250
Did you even read the title of that paper? "Freestart collision for full SHA-1".

We are talking about SHA-2 (includes SHA-256 and SHA-512) - used by the dice sites.

Do you read my message?

Quote
you can find for sha-256 and 512

example: New Collision attacks Against Up To 24-step SHA-2
https://eprint.iacr.org/2008/270.pdf

legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
Did you even read the title of that paper? "Freestart collision for full SHA-1".

We are talking about SHA-2 (includes SHA-256 and SHA-512) - used by the dice sites.
sr. member
Activity: 420
Merit: 250
That's called "hash collisions". Dice sites always use SHA-2 to hash their serverseeds. SHA-2 has no known hash collisions.

Note: if it were that easy to make collision attacks on SHA-2, dice sites would be the least of your worries. Governments, bitcoin, the Internet, banks, etc. would all have a huge problem.



edit: you are talking about MD5. Dice sites do not and should never use MD5 indeed.

you can find for sha-256 and 512

Good luck to your site.

You CAN yes, but it's highly unlikely.

sha has 2^256 different combinations, or 1.15x10^77. using the total bitcoin hash rate of about 2,467,177,537,000 million hashes per second, it would still take about 7x10^56 years to have about a 50% chance of having cracked your seed.
That's 7 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 years
Many people don't understand the significance of this many zeros. For instance, the latest estimates put the universe at 13 772 000 000 years old.

Entropy would likely run out long before you've had a 50% chance of cracking your seed. Meaning the universe is going to die long before you're likely to crack your seed.

Sha512 is even longer, as it has 2^512 combinations, or 1.34x10^154

But technically you can get lucky and hit it on your first try.

Edit: I don't understand how the sha algorithms work (my math is not nearly good enough for that) but as I understand, simply having a hash collision won't be good enough for the RNG purposes. You need the exact same match. For instance:

Hello and qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm might result in the same hash, but as I understand the hashing algorithms, 1:Hello:clientseed and 1:qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm:clientseed is NOT going to give you the same hash, which means the numbers you're going to get from the RNG is going to be different. Any cryptography boffins are free to correct me if I'm wrong about this.

read about it.
https://eprint.iacr.org/2015/967.pdf

if you want you can find for sha256 and sha512.

Provided hash before bet - not guarantee fair
newbie
Activity: 19
Merit: 0
Thanks Nico.

I think it's the right call. I hope so too but it's not looking good at the moment.

-SoraAoi
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
I have considered removing them before for having bad support, but generally the issues were always solved "eventually". These latest issues seem to be very serious though and about big amounts, so I removed them from my site for now too. Note that I do still track the stats at https://dicesites.com/satoshidice. I hope it will all still be resolved.
newbie
Activity: 19
Merit: 0
Hey Nico,

Just a heads up. I think you should really consider removing SatoshiDice from your website.

I've had two friends recently tell me ~49 btc and ~77 btc have disappeared from their accounts the past week. The only response they have received from support so far is that they are "looking into it."

I then took the time to read old posts from their thread since December and there have been other numerous issues. This includes ignoring claims of btc amounts disappearing from player accounts, refusing to honor past tlb payouts, and never properly addressing an empty hotwallet.

-Sora Aoi
legendary
Activity: 1717
Merit: 1125
That's called "hash collisions". Dice sites always use SHA-2 to hash their serverseeds. SHA-2 has no known hash collisions.

Note: if it were that easy to make collision attacks on SHA-2, dice sites would be the least of your worries. Governments, bitcoin, the Internet, banks, etc. would all have a huge problem.



edit: you are talking about MD5. Dice sites do not and should never use MD5 indeed.

you can find for sha-256 and 512

Good luck to your site.

You CAN yes, but it's highly unlikely.

sha has 2^256 different combinations, or 1.15x10^77. using the total bitcoin hash rate of about 2,467,177,537,000 million hashes per second, it would still take about 7x10^56 years to have about a 50% chance of having cracked your seed.
That's 7 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 years
Many people don't understand the significance of this many zeros. For instance, the latest estimates put the universe at 13 772 000 000 years old.

Entropy would likely run out long before you've had a 50% chance of cracking your seed. Meaning the universe is going to die long before you're likely to crack your seed.

Sha512 is even longer, as it has 2^512 combinations, or 1.34x10^154

But technically you can get lucky and hit it on your first try.

Edit: I don't understand how the sha algorithms work (my math is not nearly good enough for that) but as I understand, simply having a hash collision won't be good enough for the RNG purposes. You need the exact same match. For instance:

Hello and qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm might result in the same hash, but as I understand the hashing algorithms, 1:Hello:clientseed and 1:qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm:clientseed is NOT going to give you the same hash, which means the numbers you're going to get from the RNG is going to be different. Any cryptography boffins are free to correct me if I'm wrong about this.
sr. member
Activity: 420
Merit: 250
That's called "hash collisions". Dice sites always use SHA-2 to hash their serverseeds. SHA-2 has no known hash collisions.

Note: if it were that easy to make collision attacks on SHA-2, dice sites would be the least of your worries. Governments, bitcoin, the Internet, banks, etc. would all have a huge problem.



edit: you are talking about MD5. Dice sites do not and should never use MD5 indeed.

you can find for sha-256 and 512

Good luck to your site.
newbie
Activity: 35
Merit: 0
I really like your site, but the design could be improved a bit :/ The basic bootstrap it's just like meh..
Anyway, keep it up. You could easily put paid ads on your site after you reach a given views/day.
cheers.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
That's called "hash collisions". Dice sites always use SHA-2 to hash their serverseeds. SHA-2 has no known hash collisions.

Note: if it were that easy to make collision attacks on SHA-2, dice sites would be the least of your worries. Governments, bitcoin, the Internet, banks, etc. would all have a huge problem.



edit: you are talking about MD5. Dice sites do not and should never use MD5 indeed.
sr. member
Activity: 420
Merit: 250
The whole idea of the provably fair method that dice sites use, is that you get a HASH of the serverseed BEFORE you bet. Therefore you can verify (= provable) if that hash is still the same after the serverseed is revealed.

If the site changes the seed (what you call "fake seed"), the player is able to detect this, because the HASH would be different. Therefore he can prove that he was cheated (or if he was not cheated.) This is provably fair.

On your game, there is no way for the player to know if that specific timestamp is correct. Therefore that is not provably fair.



PS, you look more idiotic with every post you make, so I don't think this is helping much for your reputation as a gambling site owner.

Really? Yes, hash before bet but he use another string and will be equal! But result will be different..

In fact, this effect is achieved through fast collision-search methods for hash functions developed in 2004-2006. In case you do not know, a collision is two different sets of data having the same hash value. So, in 2004, a group of Chinese researchers developed an algorithm based on differential cryptanalysis, which makes it possible to find, in a relatively short time, two different random data blocks of 128 bytes each having the same md5 sum. Although this algorithm produced the effect of a bomb at the time, its performance left much to be desired. But already in 2006 the Czech cryptographer Vlastimil Klima offered a new collision search method that finds a pair of different random 128-byte blocks with one md5 sum on a personal computer in less than a minute.

it's possible for md5, sha256, sha512

sorry for bad english :)
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
The whole idea of the provably fair method that dice sites use, is that you get a HASH of the serverseed BEFORE you bet. Therefore you can verify (= provable) if that hash is still the same after the serverseed is revealed.

If the site changes the seed (what you call "fake seed"), the player is able to detect this, because the HASH would be different. Therefore he can prove that he was cheated (or if he was not cheated.) This is provably fair.

On your game, there is no way for the player to know if that specific timestamp is correct. Therefore that is not provably fair.



PS, you look more idiotic with every post you make, so I don't think this is helping much for your reputation as a gambling site owner.
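
The check described in the post above, as an added example that is not part of the original thread and is not any dice site's actual verifier: the player keeps the hash shown before the bet, then tests the revealed serverseed against it and recomputes the roll. The function names, the seeds and the roll derivation (SHA-512 over the `nonce:serverseed:clientseed` layout mentioned elsewhere in the thread) are assumptions made for illustration.

```python
import hashlib
import hmac


def commit(server_seed: str) -> str:
    """Hash the site publishes BEFORE the bet (the commitment)."""
    return hashlib.sha256(server_seed.encode()).hexdigest()


def roll(server_seed: str, client_seed: str, nonce: int) -> int:
    """Hypothetical roll derivation: an integer 0..9999 taken from
    SHA-512("nonce:serverseed:clientseed"). Real sites define their own."""
    digest = hashlib.sha512(f"{nonce}:{server_seed}:{client_seed}".encode()).digest()
    # First 8 bytes as an integer; the modulo bias at this size is negligible.
    return int.from_bytes(digest[:8], "big") % 10000


def verify_bet(published_hash: str, revealed_seed: str,
               client_seed: str, nonce: int, claimed_roll: int) -> str:
    # Step 1: the revealed seed must hash to the value shown before the bet.
    if not hmac.compare_digest(commit(revealed_seed), published_hash.lower()):
        return "seed_mismatch"   # site revealed a different seed than it committed to
    # Step 2: the roll must follow from the committed seed, client seed and nonce.
    if roll(revealed_seed, client_seed, nonce) != claimed_roll:
        return "roll_mismatch"   # seed is genuine but the reported result is not
    return "ok"


# Constructed sample values, not taken from any real site.
SERVER_SEED = "constructed-server-seed-7f3a"
CLIENT_SEED = "constructed-client-seed"
PUBLISHED = commit(SERVER_SEED)  # what the player saves before betting

if __name__ == "__main__":
    honest = roll(SERVER_SEED, CLIENT_SEED, 1)
    print(verify_bet(PUBLISHED, SERVER_SEED, CLIENT_SEED, 1, honest))
    # Site swaps the seed after the bet: the commitment no longer matches.
    swapped = "constructed-swapped-seed"
    print(verify_bet(PUBLISHED, swapped, CLIENT_SEED, 1, roll(swapped, CLIENT_SEED, 1)))
    # Site keeps the seed but reports a different roll.
    print(verify_bet(PUBLISHED, SERVER_SEED, CLIENT_SEED, 1, (honest + 1) % 10000))
```

The check only means something if the player records the published hash before betting and supplies a clientseed the site could not predict when it committed.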
sr. member
Activity: 420
Merit: 250
You write about provably fair https://dicesites.com/provably-fair
You mislead people because many dice sites use fake seed and have full control provably fair system, they can make to lose easy.. and players lost all money.
playing on dice - result is one - lost all money


Would you mind proving that there are many dice sites using fake seed? Saying is easy but without proper proof then it is useless. You said this just because NLNico has a proof that your game is not provably fair, then you try to mislead people about provably fair system.

no, NLNico said about my game, but not said about provably fair system of dice.
notice: I do not blame dice sites.
legendary
Activity: 3066
Merit: 1312
You write about provably fair https://dicesites.com/provably-fair
You mislead people because many dice sites use fake seed and have full control provably fair system, they can make to lose easy.. and players lost all money.
playing on dice - result is one - lost all money


Would you mind proving that there are many dice sites using fake seed? Saying is easy but without proper proof then it is useless. You said this just because NLNico has a proof that your game is not provably fair, then you try to mislead people about provably fair system.
sr. member
Activity: 420
Merit: 250
You write about provably fair https://dicesites.com/provably-fair
You mislead people because many dice sites use fake seed and have full control provably fair system, they can make to lose easy.. and players lost all money.
playing on dice - result is one - lost all money
hero member
Activity: 560
Merit: 500
I like to introduce my website https://dicesites.com

On DiceSites.com there is:
- an overview of dice sites
- statistics of these websites (updated automatically every 15 mins)
- graphs to compare the websites
- provably fair verifiers for most popular dice sites
- more features later :)

Basically it should give you a way to compare dice sites without reading subjective reviews. And just checking out the activity of several dice sites.

Any feature requests or feedback is welcome. I personally still have a lot of ideas/plans too.

https://dicesites.com

Just one suggestion.
There are many websites which aren't listed on your website. PM me, I will give you the names of those.
full member
Activity: 127
Merit: 100
It would be nice if someone would maintain an up-to-date collection of dice sites, so we wouldn't have to search them on the web.
This could be dicesites.com, I like its style and design. But it still isn't it... I haven't seen here anything new since long time.

There is also my TheBitcoinStrip. We crawl the same stats for even more casinos.

Check out https://thebitcoinstrip.com/stats/2016-12-24-to-2017-01-07

Oh, nice! Thanks for posting it, I'll check it :)
full member
Activity: 324
Merit: 100
sr. member
Activity: 1340
Merit: 253
I have been working on a new version with more sites for a long time now. I hope/expect to really finish it within some weeks now. It indeed has taken a bit too long, sorry :p .. soon :)

the site is great and if you are the only one who is running it it's very impressive.
