Topic: Do you verify every bet as a gambler? Provably Fair Guide. - page 13. (Read 4879 times)

If verifying each bet is cumbersome for you then keep it simple. Before placing first bet, choose your own client seed and copy the server seed hash that site showed you somewhere else (this is to make sure that site doesn't show something else as server seed later). Then play with the same set of seeds for the entire session and when you are done then create a new client seed. Now site will reveal you unhashed server seed which is being used to generate results for all of your bets in the session.

Suppose you placed 50 bets in the session then your results should be generated from the HMAC-sha512 hashes of :

First Bet with "ClientSeed+1" as data and ServerSeed as key
Second Bet with "ClientSeed+2" as data and ServerSeed as key
..
..
..
..
..
Fiftieth Bet with "ClientSeed+50" as data and ServerSeed as key

Now randomly verify 5-6 results and if all match then site is fair!

OP I want to know a few game that we should consider to verify the bet, do I have to verify each roll of the dice or do I only have to do it a few time during the game ?

Would be nice if there is an online tool that automates the checking of seed hash if it has change while betting because to me, manually copying hash seed in every bet is a bit an hassle it would render my gambling experience unenjoyable. -snip-

(i) Always copy server seed hash shown to you before betting.
(ii) After bet is complete, create new client seed. Make sure server seed is also changed along with it.
(iii) Once new client seed is created, site will show you unhashed server seed of previous bet. Copy it and convert it to sha256 hash using some third party online tool.
(iv) Match the server seed hash that you copied in step (i) to the one generated in step (iii) and make sure both are exactly same.

Mostly I agree with your post, but in front we also need to understand " provably " it self. There is no game like that, all features using bot and monopoly by system, even a gambler win million the site still get billion from lost gambler. Gambling is game for fun and people misunderstanding about the purposes. Use it to become rich is worst and find favorite player from gambling world will make you stuck in rich " imagination ".

SHA512 hash is longer than a sha256 hash (64 bytes, 32 bytes respectively). However, the speed of generating hashes depends on the used machine: SHA512 hashes are generated faster than sha256 when using a 64-bit machine.

sorry for going off-topic

I thought HMAC-SHA512 was way more time consuming than that.

[...]
Now if we want to manipulate result, it is very easy. You are right, since the SHA512 is one-way hashing algorithm we cannot do reverse calculation (i.e. deciding client seed from roll number), so we have to use brute forcing. But since we are using brute forcing for two way result (either above 50.5 or below 49.5), you will hit the right hash in probably first attempt, if not then maybe second, third or fourth. I don't think it will take more than 5 attempts ever (unless you are so unlucky ). Now calculate the time of doing so:

(fraction of milliseconds)*5 = still fraction of milliseconds


Or in other words, it will literally take no time to generate manipulated seed.


I just tried this code on my system and hashes were generated at the rate of 132K per second. So every second I have around 66K server seeds to manipulate the result in my favour.

Also, I am planing to make a site where I will review the provably fair script of most of the gambling sites and provide the form for users to verify their bets independently for each site. But since it is huge work to do, I cannot promise the date. Maybe will create in 2 months or so.

Yes I agree with you. But you shouldn't forget that a hash function is usually used to generate the roll number, for example on freebitco.in a HMAC-SHA512 function is used. So it's not possible to calculate the seed from a roll number.
The only solution is to make several tries until you find the good number or at least a number in the good range.
But when you use an auto-bet, it's very fast, some I'm not sure the house would have enough time to compute several seeds until it founds a good one...

so far no, mostly i came to dice casino such as primedice or 999dice or fortunejack dice for autobet, double bet when lose then back to the start when win. or double bet when you win then back to the general bet when u lose.
even though its a classic,somehow its still work.

Yes, house can detect the client seed. This is how the house can detect your client seed:

Bet 1: I used 'myFavSeed' as my client seed. After the bet, I clicked 'new seed' and site changed server seed plus generated new client seed for me, say 'dgbeigeinwo35353'.

Bet 2: But since I love my client seed, I again changed client seed to 'myFavSeed' and played the bet. After second bet, I once again generated new seeds to verify my second bet.

Everything will go well up till here. Since server seed is generated prior to client seed, house have no way to cheat you. But here comes the catch. Suppose house is maintaining the record of every client seed that you verified like this:

User.verifiedClientSeeds = ['myFavSeed', 'myFavSeed'];

Now house can check if client seed used in first bet is same as the second, if true then house will use 'myFavSeed' as dummy client seed and generate a server seed for a specific result. This server seed's hash will be shown to you for third bet.

If you once again choose 'myFavSeed' as your client seed, the result will be same as what house decided before game. However, in games like dice this may not be very advantageous for house. House may fix that the result will be 92.68 but still have no control over Roll over/Roll under which user may choose arbitrarily. But this thing can be disastrous in case of auto bet or if house even maintains the record of your betting habits. For example, if I picked roll over 50.5 four times whereas picked roll under 49.5 eleven times. Then house can draw a trend that I like to pick roll under 49.5 so it will present me server seed such that result generated with that server seed and myFavSeed as client seed will be above 49.5.

Two strings are created :
STRING1 = "[NONCE]:[SERVER SEED]:[NONCE]"
STRING2 = "[NONCE]:[CLIENT SEED]:[NONCE]"
Then HMAC-SHA512 is used to hash STRING1 with STRING2 as the secret key, giving us a 128 character hex string.
The first 8 characters of the hex string are taken and converted to a decimal.
This decimal is then divided by 429496.7295 and rounded off to the nearest whole number.
This whole number is used as your roll, with the maximum possible value being 10,000.

I my self had played several times online but honestly, I don't know how to verify hashes and how provably fair works since I am not a person who is knowledgeable technically. The guides and information provided by OP is informative and useful to verify the provably fair system of the platform you are frequently using. Thank you for sharing.

But for people who don't know about the system, and they only want to test the gambling site and playing gambling, they will not care about that. They will try to search and find out if that gambling site can be trusted or not so they can deposit more money to play gambling games. I think some people who have skills to verify that gambling site will reveal it to the public to help people know if that site really has a fair system or not.

ineed its a hassel to check often  but it would only be beneficial to some that bet a few big bets and you could be right , what if some of the bets are rigged and they wont notice it because they are busy with our play  but once they catch it and verify that is fake  , that would be a big issue to them  as it can scratch their crediility  especially if they are already established .  and yes also , alot of sites have the same scripts  ,   this can be seen obviously  . there are some that are owned by the same owner  but i dont think its possible to cross verify especially if games are different