Pages:
Author

Topic: Do you verify every bet as a gambler? Provably Fair Guide. - page 13. (Read 4887 times)

hero member
Activity: 2744
Merit: 588
OP I want to know a few game that we should consider to verify the bet, do I have to verify each roll of the dice or do I only have to do it a few time during the game ?

If verifying each bet is cumbersome for you then keep it simple. Before placing first bet, choose your own client seed and copy the server seed hash that site showed you somewhere else (this is to make sure that site doesn't show something else as server seed later). Then play with the same set of seeds for the entire session and when you are done then create a new client seed. Now site will reveal you unhashed server seed which is being used to generate results for all of your bets in the session.

Suppose you placed 50 bets in the session then your results should be generated from the HMAC-sha512 hashes of :

First Bet with "ClientSeed+1" as data and ServerSeed as key
Second Bet with "ClientSeed+2" as data and ServerSeed as key
..
..
..
..
..
Fiftieth Bet with "ClientSeed+50" as data and ServerSeed as key

Now randomly verify 5-6 results and if all match then site is fair!

Actually, I am guilty with that as I seldom do the verification. As I only play in known gambling sites here, I feel I can trust them with provable fairness aspect.
But if the site is new, and wanted to try their site. I try to verify my bet.
But I usually do that only at the start, once I see that the site is practicing provable fairness, I don't verify my succeeding bets.
But if you are shelling a lot of money, I believe you need to verify randomly if they are consistent with their fairness.
legendary
Activity: 1918
Merit: 1728
OP I want to know a few game that we should consider to verify the bet, do I have to verify each roll of the dice or do I only have to do it a few time during the game ?

If verifying each bet is cumbersome for you then keep it simple. Before placing first bet, choose your own client seed and copy the server seed hash that site showed you somewhere else (this is to make sure that site doesn't show something else as server seed later). Then play with the same set of seeds for the entire session and when you are done then create a new client seed. Now site will reveal you unhashed server seed which is being used to generate results for all of your bets in the session.

Suppose you placed 50 bets in the session then your results should be generated from the HMAC-sha512 hashes of :

First Bet with "ClientSeed+1" as data and ServerSeed as key
Second Bet with "ClientSeed+2" as data and ServerSeed as key
..
..
..
..
..
Fiftieth Bet with "ClientSeed+50" as data and ServerSeed as key

Now randomly verify 5-6 results and if all match then site is fair!
legendary
Activity: 2618
Merit: 1181
Would be nice if there is an online tool that automates the checking of seed hash if it has change while betting because to me, manually copying hash seed in every bet is a bit an hassle it would render my gambling experience unenjoyable. -snip-
Agree with you.

Some gambler may assume that betting on reputable and trusted gambling site does not require verification of the bet they play because of the reputation held by the site. But all gambler must verify this bet because this is the best way to find out how fair this site is for gambler.

Manipulation on gambling site may have been reported very often by many people and verifying bet will be an important thing to do. Maybe you and I also feel the same about betting verification, this will take time because it has to be done manually and make my gambling experience no longer fun. But to get justice when betting then it is certainly more useful because it is not good to ignore even the slightest thing if it is related to fairness which will affect our bet.

Previously I also never thought that verifying bet was important before starting a bet, but now I think its mandatory. Gambling sites often make their player paranoid for reason of justice which are always a hot topic of conversation. Just saying "we are a fair site" I dont think it would have been trusted if it hadnt been tested.



OP I want to know a few game that we should consider to verify the bet, do I have to verify each roll of the dice or do I only have to do it a few time during the game ?
sr. member
Activity: 1400
Merit: 269
Would be nice if there is an online tool that automates the checking of seed hash if it has change while betting because to me, manually copying hash seed in every bet is a bit an hassle it would render my gambling experience unenjoyable. Hope you could also develop a GUI plugin for these kinds of problems and avoid gambling sites exploiting the PF feature.
hero member
Activity: 2184
Merit: 891
Leading Crypto Sports Betting and Casino Platform
This was really an interesting information and genuinely new specially for me that have been playing on gambling sites for quite sometime. It is new for me to discover about this Provably Fair script and as a gambler, it is important for me to always do check on my bets that is why I am just playing with small bets so it will be just low risk and low chance of losing money. It was just so nice that the OP have exerted such an effort to study how different Provably Fair scripts from different gambling sites works and notice the difference as a coding enthusiast. It is really amazing to know about this fresh information for me because indeed that if you do not know anything about it, you are not really playing bets but just getting into the flow of the house edge of the gambling site itself. Though the information is really technical and seems hard for many to understand, reading the information stated by the OP is worth a time and really informative.
legendary
Activity: 2576
Merit: 1248
(i) Always copy server seed hash shown to you before betting.
(ii) After bet is complete, create new client seed. Make sure server seed is also changed along with it.
(iii) Once new client seed is created, site will show you unhashed server seed of previous bet. Copy it and convert it to sha256 hash using some third party online tool.
(iv) Match the server seed hash that you copied in step (i) to the one generated in step (iii) and make sure both are exactly same.

 For that the most suitable could a little automated tool that do that, installed as extension on your browser ...  I don't see myself doing all these steps when placing every bet.. !

 It should also check for if there's not hidden script that steal the client seed
 
legendary
Activity: 1918
Merit: 1728
legendary
Activity: 1918
Merit: 1728
Mostly I agree with your post, but in front we also need to understand " provably " it self. There is no game like that, all features using bot and monopoly by system, even a gambler win million the site still get billion from lost gambler. Gambling is game for fun and people misunderstanding about the purposes. Use it to become rich is worst and find favorite player from gambling world will make you stuck in rich " imagination ".

You are absolutely right. Humans have common tendency of greed. They may win one or two times but their greed will drive them to bet more and more and in the end, they lose everything. Generally there are two factors which help fair gambling sites to earn:

(i) House Edge: Suppose a site have house edge of 2% then among 100 bets, roughly 51 will go in the favor of casino while 49 will go in the favor of players. So if each bet worth $100 then casino will make $200 per $10K which are wagered on the site. However, we notice that casinos have much higher profits than 2%. That's because of second factor.

(ii) Players Greed: Even though 49 out of 100 bets go in the favor of players but greed drive players to bet more and more. Suppose I start with $100 and win two games in the row. Now I have $300. But I won't stop here, I will gamble more and it just needed one bet to turn the table. Suppose I increased my bet amount to $150 for third bet and lost! This will further provoke me to go all in for the fourth. And what if I lose the 4th bet? As per the first factor, 2 bets are won by player and 2 are won by house so profit shall be nil. However, greed factor made player to bet everything and lose. Thus house will make the profit of $100 in the end. This scenario happens with 80% players and that's why gambling in profitable business from house's point-of-view even with low house edge.
sr. member
Activity: 658
Merit: 250
enterapp.io PRE-SALE IS LIVE
Mostly I agree with your post, but in front we also need to understand " provably " it self. There is no game like that, all features using bot and monopoly by system, even a gambler win million the site still get billion from lost gambler. Gambling is game for fun and people misunderstanding about the purposes. Use it to become rich is worst and find favorite player from gambling world will make you stuck in rich " imagination ".
legendary
Activity: 2604
Merit: 2353
I thought HMAC-SHA512 was way more time consuming than that.
SHA512 hash is longer than a sha256 hash (64 bytes, 32 bytes respectively). However, the speed of generating hashes depends on the used machine: SHA512 hashes are generated faster than sha256 when using a 64-bit machine.

sorry for going off-topic
"sorry for going off-topic" this is the first time I read that in this section  Cheesy but I don't think it's off-topic at all.
What do you mean? On a 64-bit machine it's faster to generate SHA512 hashes than SHA256 ones?  Huh
Do you have an explanation for that? or a link explaining this strange phenomenon?
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
I thought HMAC-SHA512 was way more time consuming than that.
SHA512 hash is longer than a sha256 hash (64 bytes, 32 bytes respectively). However, the speed of generating hashes depends on the used machine: SHA512 hashes are generated faster than sha256 when using a 64-bit machine.

sorry for going off-topic
legendary
Activity: 2604
Merit: 2353
[...]
Now if we want to manipulate result, it is very easy. You are right, since the SHA512 is one-way hashing algorithm we cannot do reverse calculation (i.e. deciding client seed from roll number), so we have to use brute forcing. But since we are using brute forcing for two way result (either above 50.5 or below 49.5), you will hit the right hash in probably first attempt, if not then maybe second, third or fourth. I don't think it will take more than 5 attempts ever (unless you are so unlucky Cheesy). Now calculate the time of doing so:

(fraction of milliseconds)*5 = still fraction of milliseconds


Or in other words, it will literally take no time to generate manipulated seed.

Quote
Two strings are created :
STRING1 = "[NONCE]:[SERVER SEED]:[NONCE]"
STRING2 = "[NONCE]:[CLIENT SEED]:[NONCE]"
Then HMAC-SHA512 is used to hash STRING1 with STRING2 as the secret key, giving us a 128 character hex string.
The first 8 characters of the hex string are taken and converted to a decimal.
This decimal is then divided by 429496.7295 and rounded off to the nearest whole number.
This whole number is used as your roll, with the maximum possible value being 10,000.

I just tried this code on my system and hashes were generated at the rate of 132K per second. So every second I have around 66K server seeds to manipulate the result in my favour.
Very interesting datas thank you for this test. I thought HMAC-SHA512 was way more time consuming than that.
We shouldn't forget that several users are playing at the same time and freebitco.in is offering gambles until 94% wining chances.
It means the house has to found one of the 6% losing roll number to cheat the player in this case. But I think they still could handle that.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Also, I am planing to make a site where I will review the provably fair script of most of the gambling sites and provide the form for users to verify their bets independently for each site. But since it is huge work to do, I cannot promise the date. Maybe will create in 2 months or so.
great idea. It's better to check games results using a private tool which is not dependent on the casino.
I found this website and thought it would help you:
https://dicesites.com/
You can improve it and add more casinos.
Took it from here: https://bitcointalksearch.org/topic/what-is-a-provably-fair-and-how-does-it-work-5150219
legendary
Activity: 1918
Merit: 1728
~~snip
Yes I agree with you. But you shouldn't forget that a hash function is usually used to generate the roll number, for example on freebitco.in a HMAC-SHA512 function is used. So it's not possible to calculate the seed from a roll number.
The only solution is to make several tries until you find the good number or at least a number in the good range.
But when you use an auto-bet, it's very fast, some I'm not sure the house would have enough time to compute several seeds until it founds a good one...

You are seriously undermining the power of computer here. I think you are confusing the process with Proof of Work system used in Bitcoin mining. Under PoW, we try the combination of block header with various hexadecimal numbers (nonce) to find a hash whose value is less than the network target. But in case of provably fair, we simply converting concatenated seeds into hash using HMAC-SHA512 algo. It will literally take just fraction of milliseconds to do so.

Now if we want to manipulate result, it is very easy. You are right, since the SHA512 is one-way hashing algorithm we cannot do reverse calculation (i.e. deciding client seed from roll number), so we have to use brute forcing. But since we are using brute forcing for two way result (either above 50.5 or below 49.5), you will hit the right hash in probably first attempt, if not then maybe second, third or fourth. I don't think it will take more than 5 attempts ever (unless you are so unlucky Cheesy). Now calculate the time of doing so:

(fraction of milliseconds)*5 = still fraction of milliseconds


Or in other words, it will literally take no time to generate manipulated seed.

Quote
Two strings are created :
STRING1 = "[NONCE]:[SERVER SEED]:[NONCE]"
STRING2 = "[NONCE]:[CLIENT SEED]:[NONCE]"
Then HMAC-SHA512 is used to hash STRING1 with STRING2 as the secret key, giving us a 128 character hex string.
The first 8 characters of the hex string are taken and converted to a decimal.
This decimal is then divided by 429496.7295 and rounded off to the nearest whole number.
This whole number is used as your roll, with the maximum possible value being 10,000.

I just tried this code on my system and hashes were generated at the rate of 132K per second. So every second I have around 66K server seeds to manipulate the result in my favour.
sr. member
Activity: 1568
Merit: 283
For once please read the excellent post made by OP and I sincerely appreciate the efforts made there.

so far no, mostly i came to dice casino such as primedice or 999dice or fortunejack dice for autobet, double bet when lose then back to the start when win. or double bet when you win then back to the general bet when u lose.
even though its a classic,somehow its still work.
The talk going on is not about betting strategy but it is about whether a gambler is aware of how provably fair works and if they are aware then do they actually verify the bets and randomize the client seeds to make sure the bet result is actually random?

I feel like no one would be verifying each bet and the question raised is genuine because the gambling website can easily manipulate the results if you do not change client seed because they generate the server seed and if you don't change client seed that gives them full control over result.
legendary
Activity: 2604
Merit: 2353
Client seed: It can be anything. It is up to player to choose anything as his client seed. For example, I can use 'webtricksClientSeed' as my client seed or 'thisIsMyRandomClientSeed'. However, while choosing client seed make sure three things:
(i) Always choose new seed for new bet (never try same client seed with new server seed).
(ii) Don't choose easily identifiable seeds like I mentioned above (close your eyes and type random numbers and alphabets. I do like this and it works Cheesy).
Could you elaborate on this statement please? Why it's so important to do that?
Do you think the house program will detect you are always using the same seed and will create a losing server seed for it or it has nothing to do with that? Thank you very much to explain me what you mean (or someone else here).
Yes, house can detect the client seed. This is how the house can detect your client seed:

Bet 1: I used 'myFavSeed' as my client seed. After the bet, I clicked 'new seed' and site changed server seed plus generated new client seed for me, say 'dgbeigeinwo35353'.

Bet 2: But since I love my client seed, I again changed client seed to 'myFavSeed' and played the bet. After second bet, I once again generated new seeds to verify my second bet.

Everything will go well up till here. Since server seed is generated prior to client seed, house have no way to cheat you. But here comes the catch. Suppose house is maintaining the record of every client seed that you verified like this:

User.verifiedClientSeeds = ['myFavSeed', 'myFavSeed'];

Now house can check if client seed used in first bet is same as the second, if true then house will use 'myFavSeed' as dummy client seed and generate a server seed for a specific result. This server seed's hash will be shown to you for third bet.

If you once again choose 'myFavSeed' as your client seed, the result will be same as what house decided before game. However, in games like dice this may not be very advantageous for house. House may fix that the result will be 92.68 but still have no control over Roll over/Roll under which user may choose arbitrarily. But this thing can be disastrous in case of auto bet or if house even maintains the record of your betting habits. For example, if I picked roll over 50.5 four times whereas picked roll under 49.5 eleven times. Then house can draw a trend that I like to pick roll under 49.5 so it will present me server seed such that result generated with that server seed and myFavSeed as client seed will be above 49.5.
Yes I agree with you. But you shouldn't forget that a hash function is usually used to generate the roll number, for example on freebitco.in a HMAC-SHA512 function is used. So it's not possible to calculate the seed from a roll number.
The only solution is to make several tries until you find the good number or at least a number in the good range.
But when you use an auto-bet, it's very fast, some I'm not sure the house would have enough time to compute several seeds until it founds a good one...

Quote
Two strings are created :
STRING1 = "[NONCE]:[SERVER SEED]:[NONCE]"
STRING2 = "[NONCE]:[CLIENT SEED]:[NONCE]"
Then HMAC-SHA512 is used to hash STRING1 with STRING2 as the secret key, giving us a 128 character hex string.
The first 8 characters of the hex string are taken and converted to a decimal.
This decimal is then divided by 429496.7295 and rounded off to the nearest whole number.
This whole number is used as your roll, with the maximum possible value being 10,000.
sr. member
Activity: 1638
Merit: 278
I my self had played several times online but honestly, I don't know how to verify hashes and how provably fair works since I am not a person who is knowledgeable technically. The guides and information provided by OP is informative and useful to verify the provably fair system of the platform you are frequently using. Thank you for sharing.
I agree that the information provided by OP is indeed quite nice and easy to understand for someone who isn't into encrypting and private keys field.

Personally, I know how to verify bets and I sometimes do when I bet big but most of the times when I am betting I do that at reputed sites and the thought that comes to my mind is "The casino will not turn scam for my 0.02 bitcoins" and hence I never care enough to verify my bets. But I really feel that people should change client seed time to time because if the client seed is random it can be seen by the system, no? So better we put new client seed every bet we make.
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
I am not sure if I can check or verify the gambling site from the OP guide as I am only playing gambling on a random day, and I don't need to check to details. I don't know much about the provable system, but that is a good guide that will be useful for someone who wants to verify by themselves. However, I think the provable system itself is fair for every member, and I don't think that the reputable gambling site will cheat their members because that will have a bad effect on the website itself.

Checking provably fairness would really be useful when checking out new gambling sites out there because we wont able to know if we dont verify it and
to those reputable or known sites , they do already passed up such test thats why they do able to become big because they've proven out that their games
are fair or not rigged.This is actually helpful for those people who are really serious on checking out a site if its fair or not but most of the time
they dont really care to verify anything if they do saw that lots of people playing on such place.

But for people who don't know about the system, and they only want to test the gambling site and playing gambling, they will not care about that. They will try to search and find out if that gambling site can be trusted or not so they can deposit more money to play gambling games. I think some people who have skills to verify that gambling site will reveal it to the public to help people know if that site really has a fair system or not.

This is a sure thing because gambling sites reputation wont be known if gambler or players wont test it out and as said there are really people who do really love to test those new platforms.

Im a kind of person that do observe first before making any step or deposits on a site thats why thanks to those people who do test the site and do tell their observation and conclusion.

When it comes on checking provably fair then you can already know and verify if others to confirm it.
hero member
Activity: 2828
Merit: 611
-snip

ineed its a hassel to check often  but it would only be beneficial to some that bet a few big bets and you could be right , what if some of the bets are rigged and they wont notice it because they are busy with our play  but once they catch it and verify that is fake  , that would be a big issue to them  as it can scratch their crediility  especially if they are already established .  and yes also , alot of sites have the same scripts  ,   this can be seen obviously  . there are some that are owned by the same owner  but i dont think its possible to cross verify especially if games are different  
A lot of people actually think like you and make bets but let me clarify how casinos can manipulate rolls without even being caught ever.

1- You determine the client seed.
2- Server seed is always in the control of the casino and rightly so.

Now if you are not changing or checking client seed every bet then the casino can provide a server seed that will be against your bet for example you are doing all bets higher than 49.5 and the casino notices it, they see that the client seed hasn't been changed and they can easily give a server seed that would generate result lower than 49.5 always.
I am not a technical person but really understood it much better after the explanation by webtricks so thank you again!
sr. member
Activity: 1190
Merit: 267
Undeads.com - P2E Runner Game
so far no, mostly i came to dice casino such as primedice or 999dice or fortunejack dice for autobet, double bet when lose then back to the start when win. or double bet when you win then back to the general bet when u lose.
even though its a classic,somehow its still work.
Pages:
Jump to: